August 29, 2022
Severity
Medium
Analysis Summary
Agent Tesla is being distributed through malspam in an ongoing campaign. First seen in 2014, it has been delivered in
many forms, most commonly via phishing emails. Agent Tesla is an information stealer known for harvesting stored
credentials and other data from a wide range of applications on the victim's workstation, including browsers, FTP clients
and file downloaders. It also captures the contents of the victim's clipboard, logs keystrokes, takes screenshots and can
access the victim's webcam. The malware can terminate running analysis tools and anti-virus processes, and, to hide its
capabilities and activity from researchers, performs simple checks to determine whether it is running inside a virtual
machine or under a debugger.
Impact
- Sensitive Data Theft
- Credential Theft
Indicators of Compromise
MD5
f745b0695c54139f53ffd317b284e135
62d2bb8d4d246c0465dcb8ef2ce64ae0
aef4d822f0057e237b1307c9dfe95ea2
SHA-256
7299f8a98a4258e4f04deb6924f2c474caf40ad0518ef67301de8ae5681ca1bc
fe9c6577a6e952d6cdae6af1944f9dc1137295ef6daee6972aa2db865c87fdf2
815660e34fd0439ea64e4579fff22c1757791eba56f1be2fd29787637723a0a6
SHA-1
6b498441e8ee9fd54644b45872a0f0be1228a5a9
e17233e0275537f582475f679f8c7365f4ff4004
7b1952bb04340c7ddc886613515fdbaa06c65a1d
Remediation
- Block the listed indicators at your respective security controls.
- Search for the indicators in your environment (file hashes on endpoints, mail gateway and proxy logs).
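The following is an added example of the last remediation step, written for this page rather than taken from Rewterz; it hashes every file under a directory once with MD5, SHA-1 and SHA-256 and reports any file whose digest matches the advisory's indicator list (the hash values are copied from the list above; the file written by `demo_sweep()` is a constructed, harmless sample used only to prove the sweep works).

```python
"""Sweep a directory tree for the file-hash indicators in this advisory.

Added example (not Rewterz tooling). The digests in ADVISORY_TEXT are copied
from the advisory; the file written by demo_sweep() is constructed and harmless.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Indicator block copied verbatim from the advisory above.
ADVISORY_TEXT = """
MD5
f745b0695c54139f53ffd317b284e135
62d2bb8d4d246c0465dcb8ef2ce64ae0
aef4d822f0057e237b1307c9dfe95ea2
SHA-256
7299f8a98a4258e4f04deb6924f2c474caf40ad0518ef67301de8ae5681ca1bc
fe9c6577a6e952d6cdae6af1944f9dc1137295ef6daee6972aa2db865c87fdf2
815660e34fd0439ea64e4579fff22c1757791eba56f1be2fd29787637723a0a6
SHA-1
6b498441e8ee9fd54644b45872a0f0be1228a5a9
e17233e0275537f582475f679f8c7365f4ff4004
7b1952bb04340c7ddc886613515fdbaa06c65a1d
"""

# One hex digest per line; its length identifies the algorithm.
_HEX_LINE = re.compile(r"^[0-9a-fA-F]{32}$|^[0-9a-fA-F]{40}$|^[0-9a-fA-F]{64}$")
ALG_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def load_iocs(text):
    """Return {lower-case digest: algorithm} for every hash line in the block,
    skipping the MD5 / SHA-256 / SHA-1 section headings."""
    iocs = {}
    for line in text.splitlines():
        line = line.strip()
        if _HEX_LINE.match(line):
            iocs[line.lower()] = ALG_BY_LEN[len(line)]
    return iocs


ADVISORY_IOCS = load_iocs(ADVISORY_TEXT)


def _digest_chunks(chunks):
    """Compute MD5, SHA-1 and SHA-256 in a single pass over the data."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def hash_bytes(data):
    """All three digests of an in-memory byte string."""
    return _digest_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    """Stream the file in 1 MiB chunks so large binaries need not fit in memory."""
    with open(path, "rb") as f:
        return _digest_chunks(iter(lambda: f.read(chunk_size), b""))


def sweep(root, iocs=None):
    """Walk `root` and return [(path, {alg: digest})] for every file whose
    digest appears in `iocs` (defaults to the advisory list)."""
    wanted = ADVISORY_IOCS if iocs is None else {h.lower() for h in iocs}
    hits = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        try:
            digests = hash_file(p)
        except OSError:  # unreadable, vanished, or permission denied: skip, keep going
            continue
        matched = {alg: d for alg, d in digests.items() if d in wanted}
        if matched:
            hits.append((str(p), matched))
    return hits


def demo_sweep():
    """Self-check on a constructed, harmless file: the sweep must find it when
    its own SHA-1 is the indicator, and must not flag it against the real list."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "constructed_sample.bin"
        sample.write_bytes(b"constructed sample bytes, not malware")
        own = hash_file(sample)
        return sweep(tmp, iocs={own["sha1"]}), sweep(tmp)


if __name__ == "__main__":
    import sys

    for path, matched in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"MATCH {path} {matched}")
```

Run it as `python sweep.py /path/to/scan` (the script name is assumed). A hash indicator matches only the exact sample it was taken from; a repacked or recompiled build of the same malware produces different digests, so a clean sweep shows only that these specific files are absent, not that Agent Tesla is. Pair the hash search with behavioural detection on the capabilities described above, such as keylogging, screenshot and webcam access, and termination of security tools.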