March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – Leaked Conti Ransomware Used to Target Russia – Active IOCs

April 11, 2022

Rewterz Threat Alert – Mirai Botnet Spread Using Spring4Shell Exploit – Active IOCs

April 11, 2022

Rewterz Threat Alert – Lazarus APT Group – Active IOCs

April 11, 2022

Severity

High

Analysis Summary

Lazarus APT is one of North Korea’s most sophisticated threat actors, operating since at least 2009. Initially, they concentrated on South Korea. It has recently shifted its focus to worldwide targets and began initiating assaults for monetary gain. This actor has been linked to attacks in South Korea, the United States, Japan, and a number of other nations. Lazarus APT is suspected of being behind a number of diverse efforts, including cyberespionage, attacks on financial institutions, government agencies, and the military.

This group is said to be behind the wiper attack on Sony Pictures Entertainment in November 2014 as part of Novetta’s Operation Blockbuster campaign. Lazarus Group’s malware is linked to other known campaigns such as Operation Flame, Operation Troy, DarkSeoul, Operation 1Mission, and Ten Days of Rain.

Impact

Information Theft and Espionage
Exposure of Sensitive Data

Indicators of Compromise

Filename

긴급재난지원금신청서양식[.]docx

MD5

44BE20C67A80AF8066F9401C5BEE43CB
65ABAD905E80F8BC0A48E67C62E40119
1FD8FEF169BF48CFDCF506151264128C
7B07CD6BB6B5D4ED6A2892A738FE892B
9AD00E513364E9F44F1B6712907CBA9B
15A7125FE9E629122E1D1389062AF712
749CCB545B74B8EB9DFF57FCB6A07020
1769A818548A0B52C7BE2A0A213A9384

SHA-256

4e9ba92b357dcfa79f64f2ca829d31935b5a93059022414ca894a070b625da66
f915bc0dc9536eaa4ffefe7781676cdfe656298f4f1f9b1e56aa84a88db4902d
06d29b5f1611303a792bb335ecafdd228cf0a1ffd55629f8cc1b9ce25d7fb378
76a87057cb72139ed2a2c6776949aabd15134ba887b05bf1e56d46f3e97cda87
2c491a12efee90bd6c76b40ba7b5efb5ccb3ef467a4034f8ebe71e356d36cc85
de5cf0c1d3fdb683683e79c3b108159e13dcbd37e2dc1aa7407444708f06197d
0e2742ef08937acc3327d65d1c820014ee557f63f1b5e0ee04cccbf4042afcbd
1e214c5b4a732dfa2539dc535649978af9be28387f8a529f109bb4cb95692c68

SHA-1

a2f513d27c18a885490e0e824c48d6cdb162af28
e7d4b6e1492b98b660780fa52804869aecbfe1e3
a132b3f3a88565cde7435dfe921bca17e5026ffd
b4d1a0a6aaa52d30ca7082a070cd33ef81a60962
b8e937d467f2bb424850ef80670ed551463abfba
a10a69363128b691223ea191d7c2eb4792cd6986
3df0353bf2d95f9f0876e8b9b7affa52f2cf9a0e
98c2a35cc3d3b0be526b46ca7f9e1cf1a3775cce

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Leaked Conti Ransomware Used to Target Russia – Active IOCs

Rewterz Threat Alert – Mirai Botnet Spread Using Spring4Shell Exploit – Active IOCs