March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – BlackCat Ransomware – Active IOCs

March 17, 2022

Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs

March 18, 2022

Rewterz Threat Alert – FormBook Malware – Active IOCs

March 18, 2022

Severity

Medium

Analysis Summary

Since 2016, FormBook has been active as a data-stealing malware that affects 4% of enterprises in 2020. It tracks and monitors keystrokes, finds and accesses files, takes screenshots, harvests passwords from various browsers, drops files, downloads, and executes stealthier malware in response to orders from a command-and-control server (C2). The cybercriminals behind these email campaigns used a variety of distribution techniques to deliver this malware, including PDFs, Office Documents, ZIP, RAR, etc.

Impact

Sensitive Information Theft
Crediential Thedt
Keystroke Logging

Indicators of Compromise

MD5

764b12146d949149c39f8741de185736
b1ee8aa3e90b36aa601ce8b95e912cf4
cdf55ed6d4b6226f656ccbd5ac6f6a36
971e226a77bf2c9d0e0341bf9e3829af
8a4fe566aacd64ccb76f460d858caa42
85a2d19aa2c31c6aa8c55f5300a6e306
8dd60a0afc01bc7c1a1e3c6d5f844ce1
4931e28f298dce8158aa993a7f4bb964
240f72ba898fd62267183f00c67e8a44
4ba27d867353ac0c936a9079bc92ddb4
c9808367c365097eef55f60c311f6672
33899614b3fe24bc02dfb4c1f84dabdc
5b721574328d607e2aefaaf78d54a4a8

SHA-256

274ad8fbc0f3995418c0e0fa4a1ed960730f77e5fbfb0b7c511651144d613284
32159f1ad821e72d64a72ad89b670b498fbaf994ee9fabb8c180b10661fbf4ab
da30dd86e912cbfcf0cb4306265cedf47604891dc868db7c59dd92d47ad32063
19e0cc8be99faf620eb57f77048df43eedf382eb313ac579a63079cd534b6367
39992920b2ad02ba761413d61b8c4b7eef23827d26cb50b4236f97c5af7d4d33
97c616bf4d72290ec5613fab2937c2a47a91a0d80ae8ff6a590d7f3b6787675a
93b7b31f375aa3bd37e131c4aacd4a4301ad8596d4c4d264258569fe0680c997
739e94a41234bd028fae27705c6d0ff5d8d9925068384bcdfe4cdecc1fb36e4f
ec56eaed4e42de73eb1f44c29d4a43bdadc6e4b2ad38456d62d7e81675469a5e
6ad7f99fc894da684e1ca13e427c11d5f3656e4687cf1c9a9748196463913826
d674ad918b0c38a26ec796220f99d14147297ddc01dd8e09c9b9b0dec8998cf2
b36891ab4a7fa6be1680a65614dd5551a3fa8a89052c381a954601eedd82e62c
40fa9ba8113198bf73af0101d0c0275ed1ef014a15fd83457dbdbd29e80f99a8

SHA-1

efb3da36db908f075578b173f1cedbda6779fe1c
b14cce837bd6cceb2c26a1d70c09f5afb9224c68
ab366dd1e83767d123ca9dd16641aefd8a81297d
d9e14e48ffb0a6b9b14d6e5bb45ab7bb06b54c35
740c982befd0e3be1b5aa3294a4481f50b30faa2
53fdf8f736c67b32ce0473d0b8b280eb7ef0e388
d0e75d5b44cee0a6d7e40454ea328494649f4766
9c907a51a50d145410ec5ed57c0dcd19f852d089
0ceac77310a375a245f77c886f036c5dcb3d1196
cceb49c7976c6e2809a2fa5ca686a44d0be9da2f
cc90860db94105af836fb85ac7633715d0bb2a22
8dbc988c06f51cce14e4cc95717241fb1521fac6
f62ed63dc0558ffdba1289ac8221d47476bdd645

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – BlackCat Ransomware – Active IOCs

Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs