Rewterz Threat Advisory – CVE-2022-0847 – Linux Kernel Vulnerability
March 8, 2022
Rewterz Threat Advisory – CVE-2022-26488 – Python Vulnerability
March 8, 2022
Severity
Medium
Analysis Summary
FormBook is an information-stealing malware family that has been active since 2016 and, according to published telemetry, affected roughly 4% of enterprises in 2020. It logs keystrokes, enumerates and reads files, captures screenshots, harvests saved passwords from a range of browsers, drops files, and downloads and executes additional, stealthier payloads on instruction from its command-and-control (C2) server. The operators behind the associated email campaigns deliver it through a variety of attachment types, including PDFs, Office documents, and ZIP and RAR archives.
Impact
- Credential theft
- Keystroke logging
- Data theft
Indicators of Compromise
Email
- jowhar@xintongwood[.]club
Filename
- NuGet[.]Versioning[.]dll
IP
- 103[.]167[.]92[.]57
- 217[.]26[.]48[.]101
MD5
- ffa2ac5a69c7ace2a10d749a6f881f92
- 8aa580f4f1cd04eab91ec1735ac33dd9
SHA-256
- 82473f3c78d0243f759552027033f81e1ceb7fc3317c235264c9102f87669122
- 255f543a441f8f0f55da387de0409361e80ff1e8f54b476ba185360d6b0adc3c
SHA-1
- 771e941ed6ea15df30b9405a233b15da937a3d41
- ff86ee00297625c36492661a61af33b19ded1612
URL
- http[:]//103[.]167[.]92[.]57/space360/vbc[.]exe
Remediation
- Block the listed indicators at the relevant controls: the sender address and attachment name at the email gateway, the IP addresses and URL at the proxy, firewall and DNS layers, and the file hashes in EDR or antivirus.
- Search for the IOCs in your environment (mail logs, proxy and firewall logs, endpoint file inventories). The indicators above are defanged with [.] and [:] and must be restored to their normal form before matching.
- Treat a match on the filename alone with care: NuGet.Versioning.dll is also the name of a legitimate NuGet library, so confirm any hit against the hashes above before acting on it.
- Remind users that the campaign arrives as PDF, Office and archive attachments, and sandbox or strip such attachments from external mail where policy allows.
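As an added example, not part of the Rewterz advisory, the following Python script performs the search step: it refangs the indicators listed above, matches the URL, IP addresses and sender address against proxy and mail log lines, and matches file digests against the published hashes. The log lines and the hash dictionary standing in for an EDR export are constructed for illustration; the log format is an assumption.

```python
import hashlib
import re

# IOCs copied from the advisory, still in their defanged form.
DEFANGED_IOCS = {
    "email": ["jowhar@xintongwood[.]club"],
    "ip": ["103[.]167[.]92[.]57", "217[.]26[.]48[.]101"],
    "url": ["http[:]//103[.]167[.]92[.]57/space360/vbc[.]exe"],
    "md5": ["ffa2ac5a69c7ace2a10d749a6f881f92", "8aa580f4f1cd04eab91ec1735ac33dd9"],
    "sha256": [
        "82473f3c78d0243f759552027033f81e1ceb7fc3317c235264c9102f87669122",
        "255f543a441f8f0f55da387de0409361e80ff1e8f54b476ba185360d6b0adc3c",
    ],
    "sha1": ["771e941ed6ea15df30b9405a233b15da937a3d41", "ff86ee00297625c36492661a61af33b19ded1612"],
}


def refang(indicator: str) -> str:
    """Undo common defanging ([.] [:] hxxp) so the value matches real log content."""
    s = indicator.replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)


# Refanged, lower-cased lookup sets per indicator type.
IOCS = {kind: {refang(v).lower() for v in vals} for kind, vals in DEFANGED_IOCS.items()}


def scan_log_line(line: str) -> list:
    """Return sorted (kind, indicator) pairs found in one proxy or mail log line."""
    lowered = line.lower()
    hits = set()
    for ioc in IOCS["url"]:
        if ioc in lowered:
            hits.add(("url", ioc))
    for ioc in IOCS["email"]:
        if ioc in lowered:
            hits.add(("email", ioc))
    for ioc in IOCS["ip"]:
        # Guard against partial matches such as 103.167.92.570.
        if re.search(r"(?<![\d.])" + re.escape(ioc) + r"(?![\d.])", lowered):
            hits.add(("ip", ioc))
    return sorted(hits)


def hunt(lines: list) -> dict:
    """Map line index -> hits for every line that contains at least one indicator."""
    return {i: h for i, line in enumerate(lines) if (h := scan_log_line(line))}


def hash_file_bytes(data: bytes) -> dict:
    """Digests of a file's contents in the three algorithms the advisory lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(digests: dict) -> list:
    """Return (algorithm, digest) pairs that appear in the advisory's hash lists."""
    return [(k, v.lower()) for k, v in digests.items() if v.lower() in IOCS.get(k, set())]


# Constructed sample logs (assumed format); one benign line is included in each.
SAMPLE_PROXY_LOG = [
    "2022-03-08T09:12:44Z src=10.20.1.15 dst=103.167.92.57 method=GET url=http://103.167.92.57/space360/vbc.exe status=200",
    "2022-03-08T09:13:01Z src=10.20.1.16 dst=142.250.74.78 method=GET url=https://www.google.com/ status=200",
    "2022-03-08T09:15:22Z src=10.20.1.15 dst=217.26.48.101 method=POST url=http://217.26.48.101/ status=200",
]
SAMPLE_MAIL_LOG = [
    "2022-03-08T08:55:10Z from=jowhar@xintongwood.club to=finance@example.com subject='Invoice' attach=Quote.zip",
    "2022-03-08T08:57:41Z from=alice@example.com to=bob@example.com subject='lunch'",
]

if __name__ == "__main__":
    for name, log in (("proxy", SAMPLE_PROXY_LOG), ("mail", SAMPLE_MAIL_LOG)):
        for idx, hits in hunt(log).items():
            print(f"{name} line {idx}: {hits}")
    # Stand-in for an EDR hash export; the MD5 is the first one from the advisory.
    print(match_hashes({"md5": "FFA2AC5A69C7ACE2A10D749A6F881F92", "sha256": "0" * 64}))
```

Run the same `hunt` over real proxy and mail exports, and feed `hash_file_bytes` the contents of any suspicious DLL or executable; the IP match uses boundaries so that a longer address sharing a prefix is not reported as a hit.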