Rewterz Threat Alert – APT SideWinder Group – IOCs
December 27, 2021Rewterz Threat Alert – RedLine Stealer – Active IOCs
December 27, 2021Rewterz Threat Alert – APT SideWinder Group – IOCs
December 27, 2021Rewterz Threat Alert – RedLine Stealer – Active IOCs
December 27, 2021Severity
Medium
Analysis Summary
A new AgentTesla campaign is seen targeting victims with malspam. AgentTesla is known for stealing data from different applications on victim machines, such as browsers, FTP clients, and file downloaders. Agent Tesla collects personal information from the victim’s machine, steals data from the victim’s clipboard, can log keystrokes, capture screenshots, and access the victim’s webcam. It can kill running analysis processes and AVsoftware. The spyware also performs basic actions to check whether it is running on a virtual machine or in debug mode, in an attempt to hide its capabilities and actions from researchers. All the data it obtains is sent in encrypted form via SMTP protocol.
Impact
- Credential Theft
- Data Exfiltration
- Information Theft
Indicators of Compromise
MD5
- 092ac9e3584c14d11466104765e66c35
- 7697e834b134c94de1650b2ec2164e58
- c10c417542508195d9e392765b2030d4
- c6a32a2d9bd7b31a9be01eb00e261c3c
SHA-256
- 0d7e87634d90e0042e752f4f9e03446a060469605aa0f0dd059f52f71d16a1cd
- b67cf11352111f471f987175eeb1ca017d51b03784e3becd1223867d144aaa6c
- a6fae49b36cffae490026384fc852b76c276c3bb569e9ff63d8e20ef58f06a8f
- 366b1df1109608a444a2b0fca15cbb2bcd07b3540cd152baed65018556f3f3e4
SHA-1
- 687b6ea86e38bfeded519c6a0045ec9e532ac7ba
- ef5c5bf6fc3c4ee47cd547ec4ed153801a27f3df
- 5c58481a7181ea5e049c0f52a8ce0248c2da8359
- a716058a8112c8712a7c89e2d40006e68eab190a
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.