March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – Nanocore Rat – Active IOCs

March 30, 2022

Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs

March 30, 2022

Rewterz Threat Alert – Emotet – Active IOCs

March 30, 2022

Severity

High

Analysis Summary

Emotet was initially discovered in 2014 when it infected clients of German and Austrian institutions. Emotet serves as a downloader for other malware variants like TrickBot, QakBot, and IcedID. Phishing attempts are the most common way to propagate emotet trojan, which employs an email with malicious links or Macro-embedded Microsoft Word files. It has mostly been used to attack the banking industry. Emotet can launch several malware payloads depending on the target system after deployment. Emotet is frequently used as a downloader for other malware and is a particularly common delivery method for banking Trojans such as Qakbot and TrickBot. Emotet can steal data such as saved user passwords on the browser by eavesdropping on network traffic. Its modules focus on credential theft, email theft, and spamming.

Emotet has been active for phishing emails, dropping malicious Word documents which enable macros when downloaded and executed. The malicious file suspected of being used as an attachment has the name form.xls.

Impact

Credential Theft
Information Theft
Financial Loss

Indicators of Compromise

MD5

d005d48362f78ca2f8eb02f17639b272
67ca09a56fb5f2ccdbf82ef2a48e45f6
e2bbd2b50a0c992d5d6f1996882e8352
0834fc1bdfa7726ad23eae86316d6d04
5bd77d6bf535d2626519ca9d64df55b4
d6e2b10ded4007917f6b99c09ec1eaf2

SHA-256

46f28c4ace31fba53760977251183e81a4d4f6740c550d27a73665376318ac3d
11388ab6a5ddf4428f702631f9c917387a0e41810a583427274cebbc73845ce4
02b5337bcb296ecdfcfb246bb1bcb172c23ed58f92126db52f8c135d6eaed416
6eb16e0690e24c1b65d09c39133e26dee115930191fbb0b6a2a6bbf2963962c1
1b7b4de07674b0a896830c649a51473d0c17f4ea18ec4c30001b9886c6af41dd
de194184575783e158c569cdb62687aa7e8fbb8472461511e2626db0430fadea

SHA-1

97091e7ae72047b119a3e79dff337947c7765045
3f0336fb728ddc15fcbe4a1745a900e0eccb5668
487527d8658a81937d29dc46af8eeb5295d77c76
15d428648ea8f8986ad3b455e60e2f9c05a63ed1
1daf1d173a058a71c181e7e13b3774f9a76aa311
8e3da6244ba89d6a847c438ce97d534317dc2bed

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Nanocore Rat – Active IOCs

Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs