Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
July 27, 2022Rewterz Threat Alert – Vidar Malware – Active IOCs
July 27, 2022Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
July 27, 2022Rewterz Threat Alert – Vidar Malware – Active IOCs
July 27, 2022Severity
Medium
Analysis Summary
Since 2016, FormBook has been active as a data-stealing malware that affects 4% of enterprises in 2020. It tracks and monitors keystrokes, finds and accesses files, takes screenshots, harvests passwords from various browsers, drops files, downloads, and executes stealthier malware in response to orders from a command-and-control server (C2). The cybercriminals behind these email campaigns used a variety of distribution techniques to deliver this malware, including PDFs, Office Documents, ZIP, RAR, etc.
Impact
- Credential Theft
- Sensitive Data Theft
- Keystroke Logging
Indicators of Compromise
MD5
- 64f9b51104be03c683884e2447428757
- 95cd540219596608c66b3a3bcf59b904
- ac6096ab3dc639f668998dc327d33365
SHA-256
- d512320bd4cd2ff14ee93ce377dee115ee827875608432a43c6155cb87d88d5c
- 186560894e5762221b8dd00482eff24ea616619628235d1e1a0967eb307c3893
- 2620668118d8ade45d0de6c49ea4c2af6213ff0e7d0b312b8ce8e080eba6c32b
SHA-1
- 3f31bf999985c1d6f8ee8f6794854d5f000642cb
- e303d92f2dfe1ab881dca7fbec4e62a38e934892
- de2ba145f48c068ad776bb6920254b35e6362bb2
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.