Severity
Medium
Analysis Summary
FormBook, an information-stealing malware active since 2016, affected 4% of enterprises in 2020. It logs keystrokes, locates and accesses files, takes screenshots, harvests passwords from various browsers, drops files, and downloads and executes stealthier malware on instructions from its command-and-control (C2) server. The cybercriminals behind these email campaigns use a variety of delivery formats for the malware, including PDFs, Office documents, and ZIP and RAR archives.
Impact
- Credential theft
- Keystroke logging
- Data theft
Indicators of Compromise
MD5
- d1ff53179fc224c47993ff3232cab612
- 35deaae4d3284d9ef1a40827ea961adb
- 2fef10e8b3f448256c561c7c2acc1f64
SHA-256
- 7be38caafd74c51f9f934d9d30c635f9d87918467a30d7b1f1282808da06ab2d
- cfb1885ffc36b477e82c2f725fe625c38018760da2531d3a2024f0c24752997a
- 570b1e6e2a31aeea4ae5e06187e431299203a527a14a22e4ee97b4004073bd7c
SHA-1
- 164929ea7e6b82b8e24d1b0e2745ecb0ef770e79
- 455341dc364c18c5a32468850e179ee7ada91a92
- ddd23f802e82f815dd45bdc274f83862aa991fdf
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
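The following is an added example, not part of the Rewterz advisory, showing one way to carry out the "search for IOCs" step: it hashes every file under a directory in a single pass and reports any file whose MD5, SHA-1 or SHA-256 matches an indicator listed above. The `build_demo_dir` helper and its benign sample content are constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators copied from the advisory above, keyed by algorithm and lowercased.
IOC_HASHES = {
    "md5": {"d1ff53179fc224c47993ff3232cab612", "35deaae4d3284d9ef1a40827ea961adb",
            "2fef10e8b3f448256c561c7c2acc1f64"},
    "sha1": {"164929ea7e6b82b8e24d1b0e2745ecb0ef770e79", "455341dc364c18c5a32468850e179ee7ada91a92",
             "ddd23f802e82f815dd45bdc274f83862aa991fdf"},
    "sha256": {"7be38caafd74c51f9f934d9d30c635f9d87918467a30d7b1f1282808da06ab2d",
               "cfb1885ffc36b477e82c2f725fe625c38018760da2531d3a2024f0c24752997a",
               "570b1e6e2a31aeea4ae5e06187e431299203a527a14a22e4ee97b4004073bd7c"},
}

def hashes_of_bytes(data):
    """MD5, SHA-1 and SHA-256 hex digests of an in-memory byte string."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}

def file_hashes(path, chunk_size=1 << 20):
    """Compute all three digests of a file in one pass, without loading it whole."""
    digests = {algo: hashlib.new(algo) for algo in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}

def match_iocs(hashes):
    """Return (algorithm, digest) pairs that match an advisory indicator; case-insensitive."""
    return [(algo, h.lower()) for algo, h in hashes.items()
            if h.lower() in IOC_HASHES.get(algo, set())]

def scan_directory(root):
    """Walk root and map each matching file path to its list of IOC matches."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                matches = match_iocs(file_hashes(path))
            except OSError:
                continue  # unreadable or special files are skipped rather than aborting the sweep
            if matches:
                hits[path] = matches
    return hits

DEMO_CONTENT = b"constructed benign sample file - not malware\n"  # constructed test data

def build_demo_dir():
    """Create a temporary directory holding one benign constructed file; returns its Path."""
    root = Path(tempfile.mkdtemp(prefix="ioc_demo_"))
    (root / "benign.txt").write_bytes(DEMO_CONTENT)
    return root
```

Run `scan_directory` against a mount point or collection directory; an empty result means no file matched these specific hashes, not that the host is clean, since FormBook builds are repacked frequently.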