• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – Multiplle Abode XCMD setAlexa Vulnerabilities
December 16, 2022
Rewterz Threat Advisory – CVE-2022-42343 – Adobe Campaign Classic Vulnerability
December 16, 2022

Rewterz Threat Alert – Eternity Stealer: Eternity Malware Project – Active IOCs

December 16, 2022

Severity

High

Analysis Summary

Eternal Stealer – a malware family – can access data from systems like Credential Manager, Vault, and Network Passwords. Browsers, password managers, email clients, messengers, and offline cryptowallets are all targets of this malware (cold wallets). Its creator uses Telegram IM (Instant Messaging) service to market their malicious wares.

Recently some researchers examined the ‘Eternity Project,’ a Tor website that sells a wide range of malware, including stealers, miners, ransomware, and DDoS Bots. Its operators also run a Telegram channel with 500 followers, which is used to share information related to malware updates. Through their Telegram channel, they allow their customers to customize the binary characteristics.

Eternity Stealer

The Stealer module is available for $260 per year as a subscription. It steals sensitive data such as passwords, cookies, credit cards, and crypto-wallets from infected systems. Telegram Bot is used to exfiltrate stolen data.

Eternity Miner & Clipper

Customers can configure the Eternity Miner module with their own Monero pool and AntiVM features for $90 as a yearly subscription. For $110, the Eternity operators also offer the clipper malware, which monitors the clipboard for cryptocurrency wallet addresses and substitutes them with the attackers’ wallet addresses.

Eternity Ransomware & Worm

The Eternity Ransomware costs $490, whilst the Eternity Worm costs $390.

According to researchers, they have seen a considerable growth in cybercrime via Telegram groups and cybercrime forum, where TAs sell their products without any oversight.

Impact

  • Sensitive Information Theft
  • Credential Theft
  • Crypto wallet Theft

Indicators of Compromise

MD5

  • 37da979d87ef402b50cb00266bc00808
  • 0554b46bf73fb47e87b55075480adf7a

SHA-256

  • d2a5fb8eb9ad3db722be4d6a4bfe3acff288dc1cde64644a7b9900d2563b14d8
  • 9d9e2e1472289d61a36488a0cd67a07e8dc5f7169b5d7719479610c38e070d40

SHA-1

  • ae0134c76c9871bfede27d5f9d7c628f660bacd2
  • f5aea523b886a4bc1d75dccd59e2d3f2774ed424

Remediation

  • Block all threat indicators at your respective controls.
  • Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
  • Do not download documents attached in emails from unknown sources and strictly refrain from enabling macros when the source isn’t reliable.
  • Patch and upgrade any platforms and software timely and make it into a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.