Rewterz Threat Advisory – Multiple GitLab Vulnerabilities
October 4, 2022
Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs
October 4, 2022
Severity
Medium
Analysis Summary
Malspam is being used to deliver Agent Tesla in an ongoing campaign. Since its initial appearance in 2014, the malware has been deployed in many forms, most notably via phishing attempts. Agent Tesla is known for stealing data from a variety of applications on targeted workstations, including browsers, FTP clients, and file downloaders. It grabs data from the victim’s clipboard, logs keystrokes, captures screenshots, and accesses the victim’s webcam. It can terminate running analysis tools and anti-virus applications. To hide its capabilities and activity from researchers, the malware also runs simple checks to detect whether it is running on a virtual machine or in debug mode.
Impact
- Credential Theft
- Data Exfiltration
- Information Disclosure
Indicators of Compromise
MD5
- be786b6d3c789c87f98d50d72d507839
- 8bc4f1ac0b1b9d7eb1bef9a16cde6bac
SHA-256
- 3b2450e0ee2ad06aa33efbbfe0aea1296612d037a2b2f6d7717e674d46ed0243
- 772e0352aac25d066dea836f9905de4297b152065cc02fc9605eaa6b8590fc70
SHA-1
- 0164229ee58db596d0f2e91308e479e90e93b0c0
- 38bad01f022b31960812029304f8d47d2a2075d6
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.