March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – Phishing Emails Targeting Pakistan’s Financial Sector

March 4, 2022

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

March 4, 2022

Rewterz Threat Alert – APT Group Gamaredon – Active IOCs

March 4, 2022

Severity

High

Analysis Summary

Gamaredon is a Russia-backed advanced persistent threat (APT) that has been operating since at least 2013. The main goal of this APT is to use the malicious document to gain control of the target machine. The exploit document uses the template injection technique to infect the victim’s computer with further malware. When the document is opened, it connects to the hacker’s server and downloads the payload file. Gamaredon’s tools are simple and designed to collect sensitive information from hacked systems and propagate it further. Its information-gathering efforts are nearly comparable to those of a second-tier APT, whose primary purpose is to collect and disseminate information with their units.

Impact

Template Injection
Exposure of Sensitive Data

Indicators of Compromise

Filename

w86yn2wx9[.]dll
(Автосохраненный)[.]doc

MD5

f9166fae86607ec2f84b02cea5c766b2
2f075bfa93c839b59929ec32fbce0146
98a49e7c2c303f1eef20b8023dc8c543
cd73621d52d0c17849cfff55b67961de
d06c413d0441be3b716434e1e069c3a5
a42c536aa7ff89e88f70f4a038fbf61f
8b710b4064acced022243b60387c7ee5
5d716d5cd77f1d1639104b7407317c5e
bb1c8ad9f422a39ce6329e93dc060438
64471311697db4541e0bf30cc16fbbc8

SHA-256

c577bbdfec7983aed227f3079c19f1a6b5680fd3cee278ee0af419b56ea5d14c
0e592e24593e064f0f4fd3c619807a5e4f176b13be552b01b99ed331ffb55e6e
3d5071deb287620ad6142ab63dc97c44a1f7cb6b4b4ac51cb68d08907664514c
3213c5e1427eec00eb33a97e806c147b838d9ef93b8be4f4d4ac98164fd08615
42fbc48e1e604605d19cca5c1472ce46e6c6f4cd8fea11880a7c61e7131f4860
64223dc258e6687064bbf25527b78e0979d6f13bc8e8669ed0b33dfe43ce9f99
7e11c1245e6931ba88c4141f92ef0084aea225f7060a6f84b42de604497973c2
9ae94313c293975cc4e6d00ba00739c1c17c079d5e0e11bb74637f349e3c9b57
8db529765e5df53e6c9f2614f21b4233fe43714f3438a4a7ec04e454c3662ab1
ee08d18162a1fbccc3fad7bcd72143d07fa9613528fa4915b137746a04872e98

SHA-1

f6cd63f1e230d999274fe6a09dc2687dd120f7f6
9127e5186d3f7767184164bdddf72100775bc3e2
e5236411b77e039e9635cc8e7d34cc7c5aaf3c05
9942cfc5c6ead24763c5b151b2af71d0e5c8b7df
74ee6fe6bff7f6c04c75fd8c70c197331069de11
bbe0b91b448de10fd1bb49e82130d8d92692eb63
afeeaacd0e54ebe85b721d2905037af606f8f752
13381c689a23b30599bcffa196700648fda06418
7fd965600402cd75f8963993a7df95b5b7b3031a
f8a06fd1061e176712669cfaafbd7fbcee274ca0

URL

http[:]//classroom14[.]nay[.]sour[.]reapart[.]ru/WIN-86K6F87B2S3/bid/sour/glitter[.]kdp

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Phishing Emails Targeting Pakistan’s Financial Sector

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs