Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 6, 2023
Severity High Analysis Summary Stealc is a new malware that was first marketed by an actor named Plymouth on the XSS and BHF Russian-speaking underground forums […]September 6, 2023
Severity High Analysis Summary CVE-2023-40743 Apache Axis could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation by the […]September 6, 2023
Severity High Analysis Summary CVE-2023-4763 CVSS:8.8 Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Networks. […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 6, 2023
Severity High Analysis Summary Stealc is a new malware that was first marketed by an actor named Plymouth on the XSS and BHF Russian-speaking underground forums […]September 6, 2023
Severity High Analysis Summary CVE-2023-40743 Apache Axis could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation by the […]September 6, 2023
Severity High Analysis Summary CVE-2023-4763 CVSS:8.8 Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Networks. […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – SharpPanda APT Group – Active IOCs
May 30, 2023
Rewterz Threat Alert – AsyncRAT – Active IOCs
May 30, 2023
Severity
High
Analysis Summary
Gafgyt is a type of malware that is used to conduct Distributed Denial of Service (DDoS) attacks. These attacks involve overwhelming a targeted website or server with a large amount of traffic in order to disrupt its normal functioning. Gafgyt malware is typically spread through phishing emails or by exploiting vulnerabilities in poorly secured Internet of Things (IoT) devices, such as routers and cameras. Once a device is infected, it can be controlled remotely by the attackers and used as part of a botnet to launch DDoS attacks. These botnets can be used to target websites or servers, and they have been used to disrupt a wide range of online services in the past. The TTPs (Tactics, Techniques, and Procedures) used by Gafgyt malware include:
- Exploiting vulnerabilities: Gafgyt malware is often spread by exploiting known vulnerabilities in IoT devices, such as routers and cameras.
- Phishing emails: Gafgyt malware can also be spread through phishing emails that contain malicious links or attachments.
- Botnet: Once a device is infected, it becomes part of a botnet controlled by the attackers, which is used to launch DDoS attacks.
- DDoS attacks: This malware is primarily used to conduct DDoS attacks, which involve overwhelming a targeted website or server with a large amount of traffic in order to disrupt its normal functioning.
- Evasion: The malware is also known to have an advanced evasion technique, which allows it to avoid detection by security software.
- Reconnaissance: Gafgyt malware also has the capability to scan the network and identify other vulnerable devices that can be infected and added to the botnet.
The malware is known to be modular, which allows attackers to add new capabilities to the malware as needed. This makes it a versatile threat that can be used for a wide range of attacks. Organizations should be aware of the threat posed by Gafgyt malware and take appropriate measures to protect their networks from DDoS attacks, such as implementing DDoS mitigation solutions.
Impact
- Server Outage
- Data Loss
- Website Downtime
Indicators of Compromise
MD5
- 8fb46222183c04f1d90876f2750764d4
- 539210e81e3946a5764c3fa36c9b69da
- bb3ca9525edec9fe065f5a4c6df96201
- eec95c2561b27164696c885ea2031dab
- 6b25b9988c61f39f6f8c5bb1fdfb9236
- 34b16467466b977f9a10c514a8a270a8
- d27290ab623efcaa5d3522250b99d47e
- e9975d20bc6592b8aa4832ccbc9f41ab
SHA-256
- 1b27bcf2b51b43c89077e8987bc0d419fad035bac104cdf7d9153797dce03076
- f7024ba469cf042c7abf7dfbe16bcc9eb8f53f9c09ba63fb7e14023912811f71
- 1c26f6693b453effc90f5d9e3927f6c817daf3f14efe1fa86509353e982338ba
- db47bcf06f18972a028da0a31d496de0c322e74aea3c3e587d1563bc5669593d
- 862eb66b2f4aa0ca6751c77572d433aa7044ce9465e4c2dc4794d0a80ba8214d
- 3566ef5fa742cccb1a38af8f62b4e6a43dd2812dd4f9ec7b9ee16acc33eee358
- 7dea00d12e92552d62f4a373bd1feaa6f3ccfe0667ab1afbef09625e5594df1c
- df1f2dd250b7450d2678f5d8b6b822643750aae7d47e8befe15f9770ed8c9409
SHA-1
- 51832fc310955c919ca14131de33af40676aea43
- eee990c901e8418ed8c8a6a559bbb8b967155c98
- 220600b6f25c0934c5628357db9eeb19434b3e5d
- 119c8cd419a80731f088c8ff0515aab105cef1a6
- 710fd65dc02fa391299164387a5bd6b7491068ba
- 52a4d3568a892a91a25e8814d6d493d16c60acc4
- f91b3cc39554d0b6408fc7428de15efb05726dfc
- 9708205b9c3d7b1804c8e22093f138b55d42bc12
Remediation
- Block all threat indicators at your respective controls.
- Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
- Maintain Offline Backups – In a ransomware attack, the adversary will often delete or encrypt backups if they have access to them. That’s why it’s important to keep offline (preferably off-site), encrypted backups of data and test them regularly.
- Emails from unknown senders should always be treated with caution.
- Never trust or open ” links and attachments received from unknown sources/senders.
- Patch and upgrade any platforms and software timely and make it into a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
- Along with network and system hardening, code hardening should be implemented within the organization so that their websites and software are secure. Use testing tools to detect any vulnerabilities in the deployed codes.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using multi-layered protection is necessary to secure vulnerable assets