March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Advisory – Multiple Apache Vulnerabilities

November 2, 2021

Rewterz Threat Alert – Quasar RAT – Active IOCs

November 2, 2021

Rewterz Threat Alert – FormBook Malware – Active IOCs

November 2, 2021

Severity

Medium

Analysis Summary

FormBook is an information-stealer malware that has been active since 2016. The info-stealer malware’s capabilities include stealing credentials, capturing screenshots of victim’s desktop, monitoring clipboard, keystroke logging, clearing browser cookies, downloading and executing files, uploading and removing bots, launching commands via ShellExecute, downloading and unpacking ZIP archive, rebooting and shutting down the system. The attackers behind these email campaigns used a variety of distribution techniques to deliver the FormBook info-stealer, including PDFs, Office Documents, ZIP, RAR, etc. Some of these files are related to quotation requests.

Impact

Credential theft
Keystroke logging
Data Theft

Indicators of Compromise

MD5

13f1b2e120717d36e423128dcc33b6e2
14ed994fbe56803fdfa0fc45f5c18510
2f1fd136548ae71b3038368f894a37cf
a928d1866afcb0696d4ac43ceec12128
8d29bc50a601648241a13f81bc6e0f50
bcb1f4325fc6f66e06d27bc0b680940b
4a03fdac1c34f846a9bf9c2ac1f75282
81a180a6ff8de4d2e50f230974a0acd4

SHA-256

9171c65fca47c17fffac4840eb89d4f21a2abc313666597f0f2425b65a6dcd67
df7583bdd967818800bf1040175498b8f3312271d6eda618b181c6ff8b6809a2
28abbfa5905f8bb99ff6f2847ffc8bb6ac19253a5e774eab2bb7607995fd5b7e
1aa28435e63887b1ee372f54ce2e926888d19f5d3d3ab4d35d39da4b5272d721
7d2fedc23aff155a0fc9027a0148aa5b184f5983d47e08bc051707f72cc83684
6d1fbff085cc6e783b306932a047463455deaca5c62757f50ee2babad6768952
051add746f1800884c3700c9a040d6dbf4c2aedb2621741820e4d0f53e0c1a02
536efdb7661f63f94b801b4f4a7ce045834116a4a3fd473c9b744f5fc9d5a266

SHA-1

0c32d4929546c10d84e570fd0b4c08c8e039f001
6294147a255a4cebc212b1528df15820419fdcab
52a1e24e823be30c5e9ca30f4d2c20c291f91aab
55edbb8f5334194ab0345bd72b9cf58ddb384579
2c558ac80e157a8d5daa7dbe92807af7ca082063
d426b19ab01b43dc173eefe4db1fe6d7304a6f5b
51bdfbe047d1f192fff1ded5b6def3768a17598e
f112699475ca07c896efe745f364e3f39cb0ddec

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – Multiple Apache Vulnerabilities

Rewterz Threat Alert – Quasar RAT – Active IOCs