March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – Nanocore Rat – Active IOCs

June 29, 2021

Rewterz Threat Alert – Remcos RAT – Active IOCs

June 29, 2021

Rewterz Threat Alert – Gamaredon APT – Active IOCs

June 29, 2021

Severity

High

Analysis Summary

Gamaredon, the Russia-backed advanced persistent threat (APT) threat actor that has been active since at least 2013 has reinforced its cyber warfare activities a new surge of Gamaredon APT attacks targeting users with template injection of malicious documents. The attacker main target is to get control of the target system using the malicious document.The exploit document employs the template injection technique to install additional malware on the victim’s machine. Upon opening the document, it connects back to the hacker’s server to download the payload file.

Gamaredon APT Improves Toolset to Target Ukraine Government, Military | Threatpost

Impact

Template injection
Exposure of sensitive data

Indicators of Compromise

MD5

ce3cd04e1aa9a1e3fbb60abd04fd553f64774c20

SHA-256

4ffb11d057d5b6454841beb29b6f50021b0d794ddbde0a062f367b812c04267e
e6a0f307c9bec6b31f0002726d75ae3d5ced8ffe3b6fce869fe12b8061f642d8
331571607fd6c804a68007c042a7140ca240b7b0613c57ca62a618d4f47a7f86
38ceb9e9a091184391f1776166ab18830b6e889f407984707dfac13fd91c643f
e84413bb452e635af3d03acc8075a5689cb631bdec7c2090a80bb3f8c56d8ded
b28aa93713d1cbaf0f39a2ad23a08c0adcfb615b590c94dcaa751a3a11e7c455
491656b0591781dd2ba2a8a872a635c2da42bcdcc35df76f43910e6a2bb65635
baaea18671569e4053bee96d4982cc76f5721a9626ce914e774451dac4ee79af
d871dbfcb91b7ae2e96e229dbe989a635a4a62e40c0a236e5d322169ee2e35ad
047ca53bf616a52ba6946c0a6cf6676a3030b0baf6d987b6268203caebd87b74
f727a901cd659b9350614fcb971e984bf15a28f3362e0918ddd45182391e3804
ebf3a8928d8bbaabfec8b7e93eb0f48469a665bc0b15d9261218012378ffb9c1

SHA1

52024cff54302482950ffd8ec41b0b8e7077867a
e8b8a4d51e4a8e76eee9bab1d74684e5d65b8294
a8cbdecc4f3ec5ff01db9fdb48f5ee75d6824fe4
3b4736f02f316d5da4d80d36f9e83ecda39f654b
f00c98caf9224ecf9e8ebbc3c976a6eedcee39ea
85d6749a90d14b1169ea4b71aee543ac8a1bc3ff
e369687b17ec94557f3e4b7112b4525c453e978e
c3623078edc8673f2337e840869b02cfed3d64e2
ce3cd04e1aa9a1e3fbb60abd04fd553f64774c20

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.
Do not download files attached in untrusted emails.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Nanocore Rat – Active IOCs

Rewterz Threat Alert – Remcos RAT – Active IOCs