Rewterz Threat Advisory – CVE-2022-20828 – Cisco FirePOWER Software for ASA FirePOWER Module Vulnerability
June 24, 2022Rewterz Threat Advisory – CVE-2022-27511 – Citrix Application Delivery Management Vulnerability
June 24, 2022Rewterz Threat Advisory – CVE-2022-20828 – Cisco FirePOWER Software for ASA FirePOWER Module Vulnerability
June 24, 2022Rewterz Threat Advisory – CVE-2022-27511 – Citrix Application Delivery Management Vulnerability
June 24, 2022Severity
Medium
Analysis Summary
Since 2016, FormBook has been active as a data-stealing malware that affects 4% of enterprises in 2020. It tracks and monitors keystrokes, finds and accesses files, takes screenshots, harvests passwords from various browsers, drops files, downloads, and executes stealthier malware in response to orders from a command-and-control server (C2). The cybercriminals behind these email campaigns used a variety of distribution techniques to deliver this malware, including PDFs, Office Documents, ZIP, RAR, etc.
Impact
- Credential Theft
- Sensitive Data Theft
- Keystroke Logging
Indicators of Compromise
MD5
- c3ce12504e0685e9b74fbe78cabf9c79
- 594eb16eb878818396471fc8531d5cab
- e35816655bf86d9a2aa8569a81fad0e7
- 7221fea726f93298d15b7e6880160034
SHA-256
- c12727598ef6fadffddb078083cda0ef3cf79ded61ba27c5a6a6b4f732ee1e61
- 89b7cd6b2e33c5c7d423c8814b56e7a7aef7ab3064c3fdcf4f4732bce3837b34
- 845df76e2e4d828108d506ec1ff6fceeef07736d73df7d9e7c3d275740ee1c94
- d8aa459166422845b7d08927d6402f9fab78da1f95e9960cd1b3d8784ddf6437
SHA-1
- 9c8c4659fc321eb2dfcc6e174ae194f57c37e064
- 2e13a0e4094aadcf2facb95ecc738e5c610bf2aa
- 014fe9062d92b730bf0ebabb6f0bd4cc5e8579b2
- 985d8ef4b33d7af0ac9fc930a99154493a9f5ef4
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.