April 7, 2022
Severity
Medium
Analysis Summary
FormBook has been active since 2016 as data-stealing malware, and in 2020 it affected 4% of enterprises. It logs keystrokes, locates and accesses files, takes screenshots, harvests passwords from a range of browsers, drops files, and downloads and executes stealthier malware on instructions from its command-and-control (C2) server. The cybercriminals behind these email campaigns have used a variety of delivery formats for this malware, including PDFs, Office documents, and ZIP and RAR archives.
Impact
- Sensitive Information Theft
- Credential Theft
- Keystroke Logging
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
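As an added example (not part of the Rewterz alert), the following Python parses an alert's indicator section in the same heading-and-bullet layout used above (MD5 / SHA-256 / SHA-1 headings followed by "- <hash>" lines), then sweeps a directory tree and reports files whose digest matches. Everything in demo() is constructed: the file names, contents and the one-entry alert block are made up for the run.

```python
import hashlib
import tempfile
from pathlib import Path
# The alert's section headings mapped to hashlib algorithm names.
HEADINGS = {"MD5": "md5", "SHA-1": "sha1", "SHA-256": "sha256"}

def load_iocs(text):
    """Parse an indicator block ('MD5'/'SHA-1'/'SHA-256' heading, then '- <hex>' lines) into {algorithm: set(hex)}."""
    iocs = {alg: set() for alg in HEADINGS.values()}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in HEADINGS:
            current = HEADINGS[line]
        elif line.startswith("- ") and current:
            value = line[2:].strip().lower()
            # Keep only well-formed hex of the length the section's algorithm produces.
            if len(value) == 2 * hashlib.new(current).digest_size and set(value) <= set("0123456789abcdef"):
                iocs[current].add(value)
    return iocs

def hash_file(path):
    """Compute MD5, SHA-1 and SHA-256 in a single pass over the file."""
    hashers = {alg: hashlib.new(alg) for alg in HEADINGS.values()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}

def sweep(root, iocs):
    """Return [(path, algorithm, digest)] for every file whose digest is in the IOC set."""
    hits = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        try:
            digests = hash_file(path)
        except OSError:
            continue  # unreadable file: skip it rather than abort the whole sweep
        hits += [(str(path), alg, d) for alg, d in digests.items() if d in iocs[alg]]
    return hits

def demo():
    """Constructed sample: two files, one of whose SHA-256 is listed in a made-up alert block."""
    root = Path(tempfile.mkdtemp())
    (root / "benign.txt").write_bytes(b"nothing to see here")
    suspect = root / "sample.bin"
    suspect.write_bytes(b"constructed sample payload, not real malware")
    alert = "MD5\n- not-a-hash\nSHA-256\n- " + hash_file(suspect)["sha256"].upper() + "\n"
    return sweep(root, load_iocs(alert))
```

Feed load_iocs() the copied indicator section of the alert and point sweep() at the directories you want checked; matches are returned rather than printed so they can be forwarded to a SIEM or ticket.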