Rewterz Threat Alert – RedLine Stealer – Active IOCs
September 13, 2022Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs
September 13, 2022Rewterz Threat Alert – RedLine Stealer – Active IOCs
September 13, 2022Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs
September 13, 2022Severity
Medium
Analysis Summary
Malspam is being used to target victims in an Agent Tesla campaign. Since its initial appearance in 2014, this has been deployed in many forms, most notably via phishing attempts. AgentTesla is renowned for stealing data from a variety of target workstations’ apps, including browsers, FTP clients, and file downloaders. Agent Tesla grabs data from the victim’s clipboard, logs keystrokes, captures screenshots, and gains access to the victim’s webcam. It has the ability to terminate running analytic programs and anti-virus applications. In an attempt to disguise its capabilities and activities from researchers, the malware also runs simple checks to see if it is operating on a virtual machine or in debug mode.
Impact
- Credential Theft
- Data Exfiltration
- Information Disclosure
Indicators of Compromise
Domain Name
ftp[.]onogost[.]com
MD5
- 08cac56b75979c1f3bfc2e83e123a2fc
SHA-256
- 11731e8a97c3ced6e50ffa011b04bc6b54cc5e4ee1ccf2c4fc70247b7ae4528b
SHA-1
- 56227c920783d547a673e0de919f438dba846c01
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.