February 16, 2024
Severity
High
Analysis Summary
The APT group Turla, tracked by researchers under many names including Krypton, MAKERSMARK, Snake, Uroburos, Venomous Bear, Waterbug, and WhiteBear, is primarily known for its espionage activity. In this campaign it is back with another malicious sample that drops malicious executable files onto the systems of different users. Believed to be sponsored by the Russian FSB security service, Turla has been active since at least 2008; while constantly evolving its toolkit, it has also turned its attention to the infrastructure and resources of other APTs.
Impact
- Information Theft and Espionage
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
- Conduct regular security awareness training to educate employees about phishing threats and safe email practices.
- Enable multi-factor authentication (MFA) to strengthen account security and prevent unauthorized access.
- Implement robust email filtering mechanisms to identify and block phishing emails, reducing the risk of malware delivery.
- Ensure timely updates and patches for all software, including Microsoft Exchange servers, to address known vulnerabilities.
- Segregate critical systems and sensitive data from the rest of the network through network segmentation to limit lateral movement.
- Deploy comprehensive endpoint protection solutions to detect and block malware and ransomware, safeguarding devices from compromise.
- Collaborate with cybersecurity organizations and law enforcement agencies to share threat intelligence and stay informed about emerging threats.
- Develop and regularly update an incident response plan to efficiently handle cyber attacks, reducing downtime and minimizing the impact of a breach.
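The first two remediation items (block the indicators, then search your environment for them) amount to a hash sweep. The script below is an added example, not Rewterz tooling: it takes an advisory-style list of mixed MD5, SHA-1 and SHA-256 indicators, classifies each by length, hashes every file under a directory once for all needed algorithms, and reports matches. The indicator feed and the files it scans are constructed test data (digests of the bytes `b"abc"`), not the advisory's own hashes.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed indicator feed in the advisory's style (mixed MD5 / SHA-1 / SHA-256 entries).
# The hex values are the well-known digests of b"abc"; the last two entries exercise
# normalisation (case, trailing whitespace) and rejection of a malformed line.
SAMPLE_IOCS = [
    "900150983cd24fb0d6963f7d28e17f72",                                   # md5(b"abc")
    "a9993e364706816aba3e25717850c26c9cd0d89d",                           # sha1(b"abc")
    "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD ",  # sha256(b"abc")
    "not-a-hash",                                                         # malformed, skipped
]
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}

def classify(ioc):
    """Digest algorithm implied by an indicator's hex length, or None if malformed."""
    h = ioc.strip().lower()
    if len(h) not in HASH_LENGTHS or any(c not in "0123456789abcdef" for c in h):
        return None
    return HASH_LENGTHS[len(h)]

def load_iocs(lines):
    """Group normalised indicators by algorithm; unrecognised entries are dropped, not guessed."""
    iocs = {}
    for line in lines:
        if (algo := classify(line)) is not None:
            iocs.setdefault(algo, set()).add(line.strip().lower())
    return iocs

def digest_chunks(chunks, algos):
    """Feed each chunk to every requested hasher so a file is read only once."""
    hashers = {a: hashlib.new(a) for a in algos}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}

def sweep(root, iocs):
    """Walk root; return (path, algo, digest) for every file digest present in the IOC set."""
    hits = []
    for p in (q for q in Path(root).rglob("*") if q.is_file()):
        with open(p, "rb") as f:  # stream 1 MiB chunks so large files are never loaded whole
            digests = digest_chunks(iter(lambda: f.read(1 << 20), b""), iocs)
        hits.extend((str(p), a, d) for a, d in digests.items() if d in iocs[a])
    return hits

def demo():
    """Constructed scenario: one matching sample beside a benign file in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "sample.bin").write_bytes(b"abc")
        Path(tmp, "clean.txt").write_bytes(b"benign content")
        return sweep(tmp, load_iocs(SAMPLE_IOCS))
```

Replacing `SAMPLE_IOCS` with the advisory's lists and `tmp` with a real mount point turns `demo()` into the sweep itself; a file whose digest appears under more than one algorithm is reported once per algorithm, which is useful when the feed is later deduplicated.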