March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Advisory – ICS: Multiple Delta Electronics DIAEnergie Vulnerabilities

March 24, 2022

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

March 24, 2022

Rewterz Threat Alert – FormBook Malware – Active IOCs

March 24, 2022

Severity

Medium

Analysis Summary

Since 2016, FormBook has been active as a data-stealing malware that affects 4% of enterprises in 2020. It tracks and monitors keystrokes, finds and accesses files, takes screenshots, harvests passwords from various browsers, drops files, downloads, and executes stealthier malware in response to orders from a command-and-control server (C2). The cybercriminals behind these email campaigns used a variety of distribution techniques to deliver this malware, including PDFs, Office Documents, ZIP, RAR, etc.

Impact

Sensitive Information Theft
Crediential Thedt
Keystroke Logging

Indicators of Compromise

MD5

4fcb4c25f8c90512688e83cdc8daf8b3
0d8722ba74761499b6df7b071ae0b8bf
3ebd21231dabb0ade99fee5da48309a2
8a8c6c50b9a98bf858c3f4d8741d2f81
e49f2228be478c0adfd27fc6d103e733
4dd25dd92b5ec56a5ecc0614eb6bafba
0cfadcd92623a5a2da7d2f661235c9be
d983862e8297f970c50c51c88e31e708

SHA-256

1668071dae27e79c5de1abc1d04e278ce9ffe980fd36fa194e9d32ab00ac6831
537d8486471b326e32f04ca8c3c3fbef3955e25722b3e271022b03d8a82f0af2
b10824c56d2ef6aa6af1474f898e5578bb6f6155eb4f9cd63ef3e7fd36c2a827
e2a2877ad48ec2281c527c2e8a51b9c3ae69b2a4975d9f148cd4cbed755ba805
7f0e1d1ec3cedb0f7855a4d8a7b2fb3905c58c999604162fc669ca4aa361dd70
c18e5a14ec9346ff6aaeb0372840100c70865989fca652d398e2e2b95afc3a2b
25b797aed9d1085093ed2fda3fec212d572d3086de9387f93511c9d2624c909a
fce51b6f1f69629c651dfaedbcdcb55d25da39e8184614c1cb26e4c247f6d3ac

SHA-1

256bb873dcfa16fade3e911cb348b217df8b389f
3e47782b2575bdd3776df60e0eb4a14d4eef8981
1df621e0616b6a0c2c5ec0acd2d27ec8ea72e097
e864b82b93d53f613a4db570dd17ce966809e820
69d3e65e9b1476de013ec11cde3e740b9bc634a4
205544148797456f5642085a5e0d9c78ee13a718
84969a0f84ea10432b78f13a95c6648e57465fc7
88e1790ac5776b63e9816d9e4e01fe58a0c5efe5

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – ICS: Multiple Delta Electronics DIAEnergie Vulnerabilities

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs