Rewterz Threat Alert – Remcos RAT – Active IOCs
September 6, 2022Rewterz Threat Alert – STOP/DJVU Ransomware – Active IOCs
September 6, 2022Rewterz Threat Alert – Remcos RAT – Active IOCs
September 6, 2022Rewterz Threat Alert – STOP/DJVU Ransomware – Active IOCs
September 6, 2022Severity
Medium
Analysis Summary
Since 2016, FormBook has been active as a data-stealing malware that affects 4% of enterprises in 2020. It tracks and monitors keystrokes, finds and accesses files, takes screenshots, harvests passwords from various browsers, drops files, downloads, and executes stealthier malware in response to orders from a command-and-control server (C2). The cybercriminals behind these email campaigns used a variety of distribution techniques to deliver this malware, including PDFs, Office Documents, ZIP, RAR, etc.
Impact
- Credential Theft
- Sensitive Data Theft
- Keystroke Logging
Indicators of Compromise
IP
- 193[.]122[.]6[.]168
MD5
- fde55f677e339ff76ca1ddfd40e1a1f0
SHA-256
- 67a02a30128ccb6e92326c529515cbc53f021e60a396cb77e8cea1005ea53d48
SHA-1
- f1445d8833012ac8a02353d3ea5508af5324a334
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.