Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – BumbleBee Malware – Active IOCs
June 15, 2022Rewterz Threat Alert – LokiBot Malware – Active IOCs
June 16, 2022
Severity
High
Analysis Summary
Karakurt is a financially motivated threat actor group active since at least June 2021, focused on data extortion. It collects the information and demands a ransom payment. If the victim organization refuses to pay the ransom, the stolen information is auctioned off or made public, where anybody may scrape and use it for personal gain. This group has already impacted over 40 organizations from various industries and areas.
The Karakurt threat actors often acquire access to victim networks by stealing credentials from different initial access brokers or exploiting popular vulnerabilities such as Log4Shell or Zerologon. Karakurt actors utilize Cobalt Strike Beacon to get access to a victim’s environment, Mimikatz to extract credentials, AnyDesk to establish permanent remote control, and a variety of additional tools for privileges elevation and lateral movement. The data is compressed and exfiltrated in large quantities, usually using open source apps and FTP services. The threat actors then send ransom letters to the victims, alerting them that their company has been hacked and urging them to contact Karakurt for negotiations via a Tor website.
Impact
- Cyber Extortion
- Information Theft
Indicators of Compromise
MD5
- 286aaf0974d06d9b02d11611b2acccef
- ca2883a7f300abd755706d3a9b55916b
- e2bce0f3162076fa56de5215fd31e3ab
SHA-256
- 712733c12ea3b6b7a1bcc032cc02fd7ec9160f5129d9034bf9248b27ec057bd2
- 5e2b2ebf3d57ee58cada875b8fbce536edcbbf59acc439081635c88789c67aca
- 563bc09180fd4bb601380659e922c3f7198306e0caebe99cd1d88cd2c3fd5c1b
SHA-1
- 05a9b0c93f7e1ca272b4236d489f903c399e5faa
- 401341a7a604ae8d80d9240cb54dde5e26a5cfdb
- d18c007d856b98ad09818e62fc05acb755dae86c
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.