Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – IcedID Trojan Rebooted with New Evasive Tactics
August 19, 2020Rewterz Threat Alert – WastedLocker Ransomware Active in the Wild
August 20, 2020
Severity
High
Analysis Summary
A hybrid DDoS botnet known for turning vulnerable Windows devices into Monero cryptomining bots is now also scanning for and infecting Linux systems. Named Satan by its authors, the malware is called Lucifer by researchers to avoid confusing it with Satan ransomware.
Besides adding Linux targeting support, Lucifer’s creators have also expanded the Windows version’s capabilities to steal credentials and escalate privileges using the Mimikatz post-exploitation tool.
The Linux version increases their ability to harvest additional systems into its botnet. Moreover, the addition of the new resource files along with the Linux version suggest that the authors are still actively working on new features to increase penetration and expand its footprint. With tools such as Visual Studio, and additionally with the release of the Windows Subsystem for Linux (WSL) cross compiling binaries, testing and debugging has become much easier. WSL also increases the attack surface of the Windows host it is running on. Lucifer may soon be recompiled to run on IoT-based devices and include common IoT vulnerabilities as an infection method.
Impact
- Credential Theft
- Privilege Escalation
- Unauthorized CPU power consumption
- Distributed Denial of Service
Indicators of Compromise
Domain Name
- qf2020[.]top
MD5
- c389223a3850569aac2a1b37f3cdc2ee
- 29773601d94c0fa70d43a6636f68e7f4
- d53e3e6e5edc624b39c7d4647961654f
- 28cf9d4c30495370af3b481433516aef
SHA-256
- ca4ba7267801639a04c69cd44c32a88ddea181d556ca5f717195d84d479db9fd
- a6a3f180ec6b88617c8fdeb9258a718cce91e11801548e610537f46ea2db8f3b
- 73dea635e1493b74ce1aae2590eeb14fdd80cd172cc5f770162bb030249baf29
- 7caf6f673d224effa207c3b3f9a0ce65eabe60230fbc70e52091f0e2f3c1f09c
SHA1
- 2184f3ebb3741dceeef04184a92ca49dc9b8a35f
- 9708f3c0d037d16b8f8b38ac4d3410dbf5d0f0e0
- 178dc10377d618b7481235e9736a0304384f046a
- 6b2861e3ee6348cf8a186f2693b04495469ff5de
Remediation
- Block the threat indicators at their respective controls.
- Keep all systems and software patched against all known vulnerabilities.