Rewterz Threat Alert – Nanocore Rat – Active IOCs
August 21, 2022
Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs
August 21, 2022
Severity
Medium
Analysis Summary
FormBook has been active since 2016 as a data-stealing malware and affected 4% of enterprises in 2020. It logs keystrokes, finds and accesses files, takes screenshots, harvests passwords from various browsers, drops files, and downloads and executes stealthier malware on orders from its command-and-control (C2) server. The cybercriminals behind these email campaigns used a variety of distribution techniques to deliver this malware, including PDFs, Office documents, and ZIP and RAR archives.
Impact
- Credential Theft
- Sensitive Data Theft
- Keystroke Logging
Indicators of Compromise
MD5
SHA-256
SHA-1
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.