December 3, 2023

Rewterz Threat Update – Southeast Asian Banking Apps Targeted By New FjordPhantom Android Malware

Severity High Analysis Summary A new and sophisticated Android malware, named FjordPhantom, has been disclosed by cybersecurity researchers. The malware targets users in Southeast Asian countries, […]

December 3, 2023

Rewterz Threat Alert – A New Gh0st RAT Malware Variant Targets South Korea and Uzbekistan – Active IOCs

Severity High Analysis Summary The notorious Gh0st RAT malware has been identified with a new variant dubbed “SugarGh0st RAT” used in recent cyber campaigns targeting the […]

December 3, 2023

Rewterz Threat Advisory – Multiple GitLab Community and Enterprise Edition Vulnerabilities

Severity High Analysis Summary CVE-2023-6033 CVSS:8.7 GitLab Community and Enterprise Edition are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated […]

December 3, 2023

Rewterz Threat Update – Southeast Asian Banking Apps Targeted By New FjordPhantom Android Malware

December 3, 2023

Rewterz Threat Alert – A New Gh0st RAT Malware Variant Targets South Korea and Uzbekistan – Active IOCs

Severity High Analysis Summary The notorious Gh0st RAT malware has been identified with a new variant dubbed “SugarGh0st RAT” used in recent cyber campaigns targeting the […]

December 3, 2023

Rewterz Threat Advisory – Multiple GitLab Community and Enterprise Edition Vulnerabilities

Rewterz Threat Alert – Mirai Botnet – Active IOCs

July 23, 2022

Rewterz Threat Alert – Emotet – Active IOCs

July 25, 2022

Rewterz Threat Alert – FormBook Malware – Active IOCs

July 25, 2022

Severity

Medium

Analysis Summary

Since 2016, FormBook has been active as a data-stealing malware that affects 4% of enterprises in 2020. It tracks and monitors keystrokes, finds and accesses files, takes screenshots, harvests passwords from various browsers, drops files, downloads, and executes stealthier malware in response to orders from a command-and-control server (C2). The cybercriminals behind these email campaigns used a variety of distribution techniques to deliver this malware, including PDFs, Office Documents, ZIP, RAR, etc.

Impact

Credential Theft
Sensitive Data Theft
Keystroke Logging

Indicators of Compromise

MD5

4dc50abe34a0f0a9fbb86513fe92b109
21fefc2179be76ec7356aff1cc56cd90
ed7befa017e06735fb27739fe569767c

SHA-256

10b0a88ef7baab52a471dce45a090a692a9ff07b5d34c307d7c2d7192dfc42fc
cbb02344c1b88d252b80ef02e61a171b845d7bd26cd0b8e5d048ea6561e4269a
989a873a3e750ec19b1c98b1ff76efc4f3b265eb5f0a516270975095187968dd

SHA-1

51a7376ed9e6af9094bdf8a9f862f1a16a5d5485
0260d16b1116353de0350e26f93f04e8a97eb609
a0953ebaaf5639fc3cffcdce99bc7be60966143b

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Update – Southeast Asian Banking Apps Targeted By New FjordPhantom Android Malware

Rewterz Threat Alert – A New Gh0st RAT Malware Variant Targets South Korea and Uzbekistan – Active IOCs

Rewterz Threat Advisory – Multiple GitLab Community and Enterprise Edition Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Update – Southeast Asian Banking Apps Targeted By New FjordPhantom Android Malware

Rewterz Threat Alert – A New Gh0st RAT Malware Variant Targets South Korea and Uzbekistan – Active IOCs

Rewterz Threat Advisory – Multiple GitLab Community and Enterprise Edition Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Mirai Botnet – Active IOCs

Rewterz Threat Alert – Emotet – Active IOCs