Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – ICS: Honeywell Maxpro VMS & NVR
January 22, 2020Rewterz Threat Alert – Increased Activity of Emotet
January 23, 2020
Severity
High
Analysis Summary
Identification of new versions of an old Linux malware known as Rekoobe, a minimalistic trojan with a complex CNC authentication protocol originally targeting SPARC and Intel x86, x86-64 systems back in 2015 is back. The new malware samples have lower detection rates than their predecessors. This might be because of malware ceased its operation in 2016 after it was reported. In the current context, Rekoobe have resumed their operations utilizing a newer version of the malware.
Technical Analysis
the new variants are statically compiled ELF binaries while older variants were dynamically compiled.This undeniably implies that on a code level these two generations of the same malware are different. Since the compilation flags used by the GCC compiler differ between dynamically and statically linked code, the compiler will generate different code accordingly.
In previous Rekoobe variants, the malware would initially collect some preliminary configuration saved in disk, masquerading this configuration to be a shared object, However, in the new variants, the need for this configuration file has been completely removed, having hard-coded the subject artifacts previously dependent on the configuration file.
Impact
Download user files
Indicators of Compromise
Domain Name
huawel[.]site
Hostname
7xin[.]bitscan[.]win
IP
- 119[.]3[.]22[.]174
- 96[.]45[.]187[.]113
MD5
- f34119a442651945d5efb33db8901d9b
- 4b45e601d480124c38be06a706f7d8f4
SHA-256
- 2e2dc0328f6c19b033bb19c24e59e354e519606958afb93fd8049d162a8e3edd
- c9eb46d00e11acb354b518f725412b88c69cc511ec8d5bd3cb03c1740f8a2936
- 7148ae1ab45e17889915100fdc203fe7941d8e9b946d44a3989ab8baeb6066e1
- 80e5fec19843c32c6c3fc38aabdeb428c339b0dfce28023529144405b9c72b33
- e63c2e35a41c51e33b246f5b60c5d1b8da0d8c50bf7ec592383b61818217e8d7
- 1d0591049a65db6508a9517f72954541ef6b5a7fe9153c5edcb1bac1b70b991c
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.