Rewterz Threat Alert – Remcos RAT – Active IOCs

December 13, 2023

Rewterz Threat Advisory – CVE-2023-36010 – Microsoft Defender Vulnerability

December 14, 2023

Rewterz Threat Alert – Gafgyt aka Bashlite Malware – Active IOCs

December 13, 2023

Severity

High

Analysis Summary

Gafgyt is a type of malware that is used to conduct Distributed Denial of Service (DDoS) attacks. These attacks involve overwhelming a targeted website or server with a large amount of traffic to disrupt its normal functioning. Gafgyt malware is typically spread through phishing emails or by exploiting vulnerabilities in poorly secured Internet of Things (IoT) devices, such as routers and cameras. Once a device is infected, it can be controlled remotely by the attackers and used as part of a botnet to launch DDoS attacks. These botnets can be used to target websites or servers, and they have been used to disrupt a wide range of online services in the past. The TTPs (Tactics, Techniques, and Procedures) used by Gafgyt malware include:

Exploiting vulnerabilities: Gafgyt malware is often spread by exploiting known vulnerabilities in IoT devices, such as routers and cameras.
Phishing emails: Gafgyt malware can also be spread through phishing emails that contain malicious links or attachments.
Botnet: Once a device is infected, it becomes part of a botnet controlled by the attackers, which is used to launch DDoS attacks.
DDoS attacks: This malware is primarily used to conduct DDoS attacks, which involve overwhelming a targeted website or server with a large amount of traffic to disrupt its normal functioning.
Evasion: The malware is also known to have an advanced evasion technique, which allows it to avoid detection by security software.
Reconnaissance: Gafgyt malware also can scan the network and identify other vulnerable devices that can be infected and added to the botnet.

The malware is known to be modular, which allows attackers to add new capabilities to the malware as needed. This makes it a versatile threat that can be used for a wide range of attacks. Organizations should be aware of the threat posed by Gafgyt malware and take appropriate measures to protect their networks from DDoS attacks, such as implementing DDoS mitigation solutions.

Impact

Server Outage
Data Loss
Website Downtime

Indicators of Compromise

MD5

d65ad3be168677d549743d22c3c31e39
d3d07195cfc8c1794321bbce74890567
cfd453a099b0272a0b3cf3fb40851604
6b1ae3dac01ee2d8b0fbdeda86e2d4fd
3b7d4f8a55e9e96260890dd150bd33de
f0533f3e7c9d45236b13d0fcd6a68190
a4e9aceb43ff857930e47b77c0e28851

SHA-256

6f8ff364f201598c18c7cda478026cd570e08a3fc9dcc15547283472a59ea10f
90922a105d47fe682a8d4725202aa1fda02bf05c83182ed64de3fabf286d1b17
c62359b2457e2eeaa4d74003632babc177e8dd116bc857dcd54a3bf381e1e844
94971c673aafb8b68ac6d5f00f2ca24612b1ae03047713617d6aaa8e4c830ad1
392d81daa89dfaad4197b329517f0ffb658b9a42f9caecfc37b3b5dbf648b7bf
7a4437b653591f820f2184cbbecf3cba33d33916a34bb0d42eca80a9407932ce
869a819cc5d7804b045ceada60ed1ecd5580e0f1ed333f63243aa9fc1a757547

SHA-1

58282630ca163574fd2bc6b771d181b29d2fe750
1977a62aba04c734222657c010250aeb33d4b9ef
c49a0a3d097e927eb2cf961adf5dd4167d8bbbcf
99170142bde1f955c6787f305e29026ceb16f743
8ceb7c6a8d2365c02f90fda90c96aad304a5cda9
3e78a71f338fe002c6c8edc54644322e2acfdd80
1267a8d4f26a693446dcb1b6e248f0d5f714cc64

Remediation

Upgrade your operating system.
Don’t open files and links from unknown sources.
Install and run anti-virus scans.
Block all threat indicators at your respective controls.
Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us