Rewterz Threat Alert – SeedWorm Malware Campaign – Threat Indicators

February 28, 2019

Rewterz Threat Advisory – CVE-2019-6465 – F5 Multiple Products Bind Security Bypass Vulnerability

February 28, 2019

Rewterz Threat Alert – Malspam Campaign Dropping Ursnif Banking Trojan and GandCrab Ransomware

February 28, 2019

Severity: Medium

Analysis Summary

A recent campaign has been observed distributing Ursnif banking Trojan and the GandCrab ransomware through ﬁleless infection means. The main infection vector of both campaigns are malicious macro embedded Word documents sent to potential victims via phishing emails. Ursnif, also known as Gozi, has been leveraged by threat actors in the ﬁnancial sector since 2007 to steal credentials and other sensitive information. Whereas GandCrab is one of the more recently discovered ransomware that has been used to steal millions of dollars.

Impact

Files Encryption
Malware Infection
Exposure of sensitive information
Credential Theft

Indicators of Compromise

URLs

levocumbut[.]com

rapworeepa[.]com

wegatamata[.]com

roevinguef[.]com

pivactubmi[.]com

biesbetiop[.]com

navectrece[.]com

yancommato[.]com

dewirasute[.]com

ptyptossen[.]com

mochigokat[.]com

tubpariang[.]com

zardinglog[.]com

abregeousn[.]com

aplatmesse[.]com

abeelepach[.]com

teomengura[.]com

allooalel[.]club

nublatoste[.]com

ledibermen[.]com

lootototic[.]com

acnessempo[.]com

usteouraph[.]com

izzlebutas[.]com

sfernacrif[.]com

isatawatag[.]com

duenexacch[.]com

kyllborena[.]com

bawknogeni[.]com

kicensinfa[.]com

uvuladitur[.]com

hxxps://zosmogroel[.]com/images/bqOIi0Qqmbsku/iC2ceSPq/qditqiLXeKOtyo58Iga/KtJBIuhqsLzYH1Zz7LP/Oma_2BqMvNi 39Jf/cBCvfx.bmp

hxxp://176.32.33[.]145/rez-senqo/o402ek2m.php

hxxp://bevendbrec[.]com/rez-senqo/o402ek2m.php?l=sixino4.dds

Hash (MD5/SHA1/SH256)

cc5a14ﬀ026ee593d7d25f213715b73833e6b9cf71091317121a009d5ad7fc36
28a8d6b8a0cdcb25d098e403cc8b6dcb855cb591f0b54c2e3363b5c580d92b28
facbc2cb089668197ca3968a3433b6f4826430c13f7d1c75b44667307c67dfe3
e714a5147335245c386b105bb7494a8b190b6a737ba28f029561efe48105cd11
56c46ef3d5bd544fa35f6e336d3be93cf36e72d0273fa1dbc915979f2d883e9d
8f6573c58eeecb8cc417a20ee9eb7fabcf55ef4dd96c5220c87806153d016619
66652210842d53275136893c19ﬀ51978902057d9f67b933132adc95949338c9
f15bfeadc99aa64b1cb9b643433e60f588244d610c64c74288dc2200f8df6ee7
e0792d8fb12be3d9b100a8997b20d00584643ef3330146e4f00759688780b72e
9e4c0405675c0eb632b5c47f1db2b28fe42b68e667c880eaaf56f57976c635fb
ce9c72b3348f4f9287dfe6f6a8388c913a503b28129aafdb753cbca27d740c46
28ae60da78e097de193c71b1bba5bb4bde75dd9c8c357976c6a44bce1d2d3799
5172985158410e4888058ce991680f8281489606fbd6eda31e5ca51bd058a69d
0a178c213499d3b6256546f515b548017eab52b8df72d0933fa18b42e2b99cb3
c8b8c3242aa6a558ee1237ab50861d63372ddcc910721925094d4a2bd908bc12
aa2d5568001c555715e7265018b921fed881f1ﬀ1fb5d90ee4409e59971f9c8d
86b3e9b065f67c0e492ee18dfd4088ea681b071f7c7d19de12759cd01798d1b3
51efeb613b31aa4523a3cd4e3a1f2dc78deaa8f6259cb69e80307f19825d4b7b
9734ee8d9a23f0385ec99fd5f9a91b01916a4a4604fc23103cb376375c893e1b
a611ccc5c964cbf6a9347c1e8ed3e4fcd5845ab70b61e888144c31a599c507ce
85d9b957f2892a9b2a9e3bﬀ922857fabcd8f7cc0471871af42d0299e5fcd1b4
83f24fa4456860750147b92013840e612c9e0db4b5cf0676fbe2ab86d928d7e9
3070cc1f6a5fa9278b3866e8e964bcce209788ﬀ628ed45f5698f1d684d38af1
3650ef2e0d48b2bf4d1b22dfccef70870b683d6f68098be1239b9eb43be265e1
d9442f97b93e30eda70d26f1e8664bd6ab12360d9daaec64eb975356cb4f3371
18cfbae517b4c469014d753e3fe169408f40b70ba6f6ca8ef47106d3ac001577
3e4efa728f170f50d53028e1440ca819c4b27f20c45d87f920c377b8f02ed32b
2d17eecb9591a489a85c473573bd30b61bc7f77eba43ee7da8b9a1289e325180
2ﬀ92874437b2f48b39a426e364b27bf24a6aa519b44f9128e624bd727173cb8
ae147e750d0f4415f1285727301627b71e0e1c11ea048fdd0e7d5e0355f4ece6
230c04fac8798b3f48d9ea8f4b1cba2896201887d0f9a1ad4836cf8e8e6027ce
fdbdb71a3049161ea5c070922305bb97a437db0b54002a87672f121d4ad8b01d
691de01cf755a509eb92aa759634719279b641b7710d0f91a49823a42947583c
f2fd2beaebaa7f2a6f00c2118ce653fe0f853a6a643ab804f5b8bf7695c9c72b
b0595609193e4c200960dcda6e13ccd9f51d34702342f8eb8ab95737ba28c2c0
0aee74d7daf5918f0d6c46ba8d0f116459a744c09a2eba43755489aa2594af2f
b1adc3b49f3f75c3d0b7b9ee080dc7ba40872e601e2ad87a3f25f40abfb8c658
b20cf39284f185a31f81640c7bdc29fe73385b54f5a5d3cdcbb93b8f949c631c
995309d4cdd9bdf79cbd207f6f5056bb9c8ba6e4ae8eab3d337fcecc049fadce
00a66bdce043d6d0c8117990999fafe0d5e65f67b08d1d676816248092cf5798
b8681a43b70dca967e8b82be5dcba7e68f72f00c98f20aa2b4d74fa86f1ed4bd
27509bb585ef43cd9cb3a7894ade26e4240f187d9c979d21a0025c83fd86edfa
a0141a44c805d9378d94a157a440a2fb9b1f56f1bc49a8dab9ebc53359b6f3d9
3a21802fb70556dba8955d61ce2af7b060aa5f4e89d04996168b402c752be7b0
082b148fafe2f1f143c98536139b923be8e1cc3f8f5f25dd4635f51042284417
9790efd4884010129ce18e459e655d07e0a985f0de377c125b2f8f796a15eb4a
cﬀbb27f76f67290eb483e62a97098c77d5aa01884dcf33b5a177924df3a96f8
fd09b105f61c52dcf668176a417e3d0b4b1323cb43d7891c296deb41735916d4
52a56e43eea9b680fc9e047b4cd1edaadb51e58868bc2466f8cb60274797844f
b65676c32f888e6256932983e89d2bb8694ce6977cd6feacec0879820e010a1d
2fe0eac1aaf4b02f8902bad62346e2a50ec5a322f6d7656007011c0df70b011f
4d34def9f0d5b3faf09e506c1e59ad5eb9ab2b8f5199bc7a67e6b111e756f2a3
7ae29c70af5c4e46de3b1218ede8cded4023c1e699a04a137396270ea0ce270e
09503fc6344386583bce1385438cb1a5443d3e08dc28d1c2f2c77fce8d75ce78
8ba53dc3ecdf79f12bb47c986bd4b70dfe2e8ec3842ed632ad6cf228a360d2fa
d1a9571cfb9e0de046f54aa283a70a55312cae21c7a5bb583485c4dbf4328c90
77f8c205a29555be6abcdc911674ﬀ2dee4c10306f0c23d0c63e81e9cd1184bd
036bc6823b46dbe852bb791d466cb7e232484b676bd73bb83109a8137752cf92
8666e78ea827f43f1ddd2a64ea7d8daf2c33c33b6b6febc6ec38344f0ce7ae3f
6e8b7f45bb771856fe3dbc4669d7c67793ecb88ae90f2b1b08392a6bdda08764
f60f96341ba5b01852b60a29e8b1f72091ef64a92327e0fabbf9ad74d16328df
fbc4d59566cdeecb853bb6d2303856e6b7d19deee7b37347f1719a29b1c317b4
c888033d292c67977363217f78fb89fe0ee32765f0c2c7c6e11e8c792c51c678
44399a077e94059749f000c6dd11feaa7ba1b34d6f63a01b5d70116a790c12ce
605a0508e07a3dc1f1ecd4430d4da082d9b60e778fa2bc58eac09a3f3782fa54
286a167d3e86cec46e49847f1f75c268f1f61b15613ee21c841a2257b52d897a
44d3be0c5b637d625a0c8cd4957c271d6a88b4ef4736d8a3d64f6727fcbcca2e
5c79e8a2df1c18a03730419f83fb04c5906c75166680e31d2e7424882e0b8db9
a4365ea85c2a5435c3659a9070f87549df5bcc241c57d43ebd270d6c45cd1334
526720a4a526870d799dba25e3d3c81d186484a93bedb053ea89b9b6d4af4085
0a3f915dd071e862046949885043b3ba61100b946cbc0d84ef7c44d77a50f080
1800822b3e467eba73278f94f26291942497c31267fe8111bc55e845d17454e2
309045e56c28d8b4e360c45796f446891846183aafa311151fb0947fa2ab137b
a7cddba1c01e958f659bdf45cﬀ1a8464446c648f1ec9edaab1731d2675c03b9
ﬀe0b27c6c7ba8c9e3a4d2458b9564e16dc416546a5a26b2611d015552e7e7cd
fbb11503c81ccfe94987f67b6a43fc41d22390a79429093da3eeaa500320c84c
0ad69721bd07fe17aefdcf7699070e13adb5bd79daceb75a3ceed830aa029215
bf0a3dd6bae273025173b67f6cb02bcf14f8db61476530c001b7ee24f6552bc0
3afa12190d272dd716d4e98f445871e8553a92cb9ﬀ507daa668876e26570d06
bfad4c433bbd631d2a13d1eb8069260426e9b8b76eb47207e577b6c4564e5d43
5d977cf30827477666d25344a0cb0e08edc5a78e2bf459e0dca85a41dbafdb78
9ad0dc594b97a29577bb6ca931531949f4e99a3ce3f527a859759fbc18de4706
82585bc182f173d7c46d93cbf94f19158dda78a23608afacdad7b211a5b431ad
7d493261c2f53cc64998864e6415140d4f29cb31d2897a8a0697e0e73e7700eb
af321d60b2d3077b79432f50938f5fc6883cee8cb0fb9aaeb77dcddeae8c661a
40532b5e33aa483c2a847ce1135186b74023cf1121bc3602ad63a544a69aed64
8ad4b2e6f5998a1277879c6f05655c1c0479341c00a85f76430accdd5f10b3c8
fc91a55a6f64285004007e71073ed2a1f79f5344112d2f292a1ccf42e19b007b
7cdb4ba109c4dcb3d2dbb407eefcf790c3bbf7a03bb58b3364aa16b277496910
eca9b633d0fe17afc94d3a94a75e72123d51c88320eb15bf58aa6b91fd4d0e18
f5bf0f5130ﬀ8e349f3a857079e518404a488d396efa6d89cd57be79ec355924
9c1387a4e174067e6aba72a067381092963a5d7ﬀfca23ecd3bca4f93adbd36e
a07cﬀ666494a48667eb3de83f80f906ce3e453afd20d3a563328f941e3fa001
cfa51ab714e38eeddf7ed4c68aeae59b6f7a4a5cb24cefe6eb9d178b3b8746da
bbe250d9fef5304070d9148ef7840fa519001c5dc2c2f01b077368eecf8ccec5
be99e7ecd9c896dd99c3b933c60db7ac7265949a2d002c1760c509fbc372a527
12dﬀ9d1c2aa0c065e7cca414169d728f80a4ba714b1a841548b8935bb14220b
a5b7c1a28f2f43328223672c39e586f0dd79a68cdeafd15c26fa70898fb87977
1cf024eabbe072bfbf95b27e2579be40e9aba458dacbb70b0e6434d5a4ae3765
d7a2b983981c8077b1cf87e648136c47c547626b7aa21b7eaﬀ48d6360ﬀ375f
efa42b76c35ac574c1b4b9770b5aefef2a6315e235f1e05f8b330d41ab76fcc0
a06f00bf7c0d200d49f302c3cebb5e0234c224a009efda7b52b927ab90a78e9c
a35966e3fd0e0cb449bce237188130b367df3baﬀc609e79528d09195708da26
6e7f3560280f50e01bf2de58c06453b0158466d743a07d16d21b0e7c11670207
ba0e0d50e5dba45abee851b5f2aada5d2ab089fcc95ed364cfd6bfe4898f8f07
79d1ebd0d06b08817bb831349b05f77d82cc606b66dfb83e4fc62620aed26c0c
5bc101061c27a166b1df590917e6755c7192c61c17b110b53bb6a789a9769373
2c5914f349059d9976be45c8379fc79f973b2f37f479b92e09b7f5656ec22ed3
abfc6c0d551fc650b2e685d3f82bbe2506783db4d6864fd570b411e00c852a18
d7c3e13e7497b0060dddb23e40fbf31f731d8bb07ea60455bbc2329ccca21fe2
9df9b04f0282e2207f284ee85dbebb2d662294ﬀdf7cf061625ab6714134d6b9
0c87500107553c3dc61241a2a6712d89e4c7a38304611e41121db739a70bed84
003b2ca34d837139efe4cc6854d7296ed91f3f5188320a427acfe95780c3b23b
77053b29a15e4b3baa26b0d0885967a55bf8ﬀ864cd9f48cabd34f144d595ea6
f00585d1133d8d21a32161b1087d853faf6e8f9302903142fa8700517297d0ce
f669ada5789b3b4387bb838ﬀd6b11af5dc1be5f132de38a979c208fb728eed3
5826b25007e8dca25b04d247172984f98c0a3f4380aadd8d5f8484f3005ad205
4828a450881b8b5753559559c7f89d1b2ef9257431cc321cba063e21cb7ee1e7
27f18297d73463dfc07d65d40b95894bcce966175a823a44f3b3697adﬀcc9eb
c15be300e7c45319b70cc019542ab6e968e1c34843ﬀ7ec46b3258c7a2521683
382c0e26f75d70337b5db12f68d361f49da7a52abf4a6a905d9714f69e187f09
88383d787c5d9c117362e892114ec4c09a68c41432ba1ee41b0f4685f819cd45
47cabe69e7fc40004e5dcc3b6f61b7a0c165b6e505f2ba92e147072157af4d9e
21f728da2f01dddd30b9a2653ﬀ0e06063a818e4d10f0c0c0842954718322568
5123f3ab0f233722e18a4e99a356831d187e6f4d2225199fefd83ed1510d1668
6b7a75e1095a731deebb7681eea7dc2a83ad3848ab28626d5f1a90fd9a0070bc
0af52255c982b2dd61af36af0953412fa2202989d6a586e7fd7f41abaa466e07
29d6f1c40c1f4226444457a8b20dc65c6d8ce98406fa100560bf578adafc89e7
b963598c88889858e7d267297b6aacd932e85e6ccacde968ebaf18818e054f25
bd492e2cd0f18bf045ae272d00e3043275c5df7745d3441c1680ceba44a9b68a
d496e10f73254ed648e715bdb6bb09d433dd500faf8fb618040e86872931a312
f24ba050815dcf19deacdb5bcbef11daf1022766c39e3548dbc5941e8f7810ab
0208c34a80d98149ca58137a9f5653c83630af979fc39bd9b7e536cb02c17ad1
48937edec31e15b4eb8f096aab4a0001a603d73f86c282b8c112ﬀ0b8f84b07c
c919ca7168a18c56cef00c3a4a0dc6d3719b3d153a4e57cd70f4c01fb5cee298
6ae0f3ee3c4f63450b05a54bad0b6cf0a04d549a91ed9d9da133f68251e9459b
6f93af833230353b9a6229578884c561415c65d7b1d7cca75d08d0a7929d5df8
a4879c5d25e12059f940640aaeb00416de72510f7b1687edf65f51d5d2becee1
454c7ﬀ06c91e1f620cebed740882e2df86aa135dd19167eb76c7e3b985633cc
ae24886089f5398069afb62c38561abb784bd64c0636c27d0220b6ee58d36815
c92832de0e6cb89d87734dc668342d192d33c27f05cb6ee62ae05c7981465d0c
f4a29cd7142fca3fea01137ac88ac32b01b0418c992123140454cd157df55769
271f2e2e9028873579c1138a78cfa59fbe4c1b5bdbc6c61960b1718d4a162420
95d87fee253eef4d2bd387b31bdb8622f5860a21bf733494341941413a5cd5f1
9aba5cf3a30b369c073cb6abea476d54744183b2a3adac9febb928225896ebf1
d3e1aac2d41c65a7168fa78e01f2fb5e15ccd9cedb8a085b2d750290dc5f566a
f491b4e0aad11f8a5817c765916a1231181e1285286b0e84180a0b344f21f131
7210e5f156edc64c7c58322a51ef2664ab686b7c320b6141b2cc8ea2333ae212
1ea6823ceedcc1ad6fd656b9e251e9614f0844a9220621f398bec4cf50cabcca
edf73e0590039bfab1cdd8c7fd8c2494b9a5d09af4b853c60bb14214631bc6f4
4306b6edf5d394e454f1af6d80ee7e169f3e1fe7a4f6448329b935dab95c79fe
21725d3cd342f58b47e1c1c4882407c5947e93113d988bfe593df750cbbb8093
667767cef62514ad5ce392dfecaﬀ91cb304beea787efb2dd1ee325ac642d400
71ee1e65947c77dd18eeb155c8b846314e7126fa34b36012245bcab7b15516c0
536bb05102b988372a3f91af77937a015453c657e690d44b0d6739b8c86cafec
efe66c37e6b10b989987dcb0355a1e2b563c96ab47b61c81ad307f62ad4057df
a66e820a3ec7ba671e9a6e527197bca71584cf80b0f1da5513d6dafbbed0f762
89d508cd5753c991cfdﬀ9093bf06940156676ae2128ad964486bf041273375f
77fc858e441c40bfe484c6ea1cc8f25da0ae9029d745b137c1f5f14358ﬀ6b71
3e52194058d46542e41ac0e2077eb7ef4be86562c10213c459fe8b6b01d36e6b
1ﬀ349e6deﬀ8ﬀdaac29b027c3a5d2d31fc75cf6bf6084db0d73e630a4cd424
66ad65fa6ebe292a692dbfd174d3d1fe969cdad80cbf26ef1f27fa56cb567a85
7c1080f38d2b765c477fe2e72a48d550f611b09b8bfe7d3643a9ab4960b273d3
7b18df3143185debb5ﬀ4e90e78348cd0267e246322e3faa661795a96a7609c6
92b0373668ad04712e8ea6126f9a870939dee798ef87f06842fd39e3d325a134
860e1a7d142e2e9c44d471203171b02bb1c4db91101d27da1bdcdcb596b60f33
b5ae05eb03b89a50910ec286c54ba5c1cf4f79018ad2864756ab0661e3036669
9579f7c472c81b41c922539749c4ab0ﬀ621d0320c80c3627ee437d38305e587
b2cbbc949cc71058b5322053182dbafe0535120bc287f1012b60d536d81ed4d0
d9c1b588ac4369446cfa75b532974a459cb5a6c38a76c9ab0a8147758c2ec7f2
3c480ac17ab00a2acd78a5cf4e2af9bab6a99c676660026ee9f051917c99550c
4405d6be835eb1639464eb9fecf547bae81be5c4639b7b17f18e354eedf34e2f
ecc628dcb1ae5a5a7dfeea9881bcbf2f5bd493ad61bcdf8aa032ba6c048ed216
da20c78b225bd08c9485c8799650424f42a6a3001c56f035b8db869709f66045
7ebc5d6bcfe5cd647efdd8dc3741780d397aed798c958c75c707bc07ca95a5f6
0112c486cda0ac6c01ef1ed1bf8f0062c7ﬀ37dd1b5eﬀ4a060c374377be497f
e3c6cbd617a7d5210e69ef9292300e6de1f9445ec3a7c2cc42a18cd664427bcc
5bead81f2731dde548f7402232618b06f1d2ac423aacdea20396fa8a15a0c123
dfaafddc80d481df239a64b25db3ca5409b75d0db11e27af2b49471a4c45154d
685ab9a1688a4da7d65283ade9202a4686e628a303fac5f07fc80ddc1efa7850
b7eca83a096983dc761d83f94f00b6b5b35c2b865556efc9944cee3c54db2035
446ﬀd272c79554a19b5f4299327fb74b8ﬀ457681d10571caa6eea51ec406b0
42636f3185c9e398958aad272d983c8b8b1409df4ce93f1f8f608e190290f56d
24b2141c1134ef14f33a38c58342b6573940c5460d03a2945fafac36e32e6889
e53b0a60c238c45019089bdf7f16d5f47b7ba15ca2c918e385c41f0c2076eb52
4c8de1713f830819e8354b653fd19a5cafd0bc8fa3145eedf555f24261c874de
9ea3a726cabb7a8743e4c2f248767d39ae38e6e903202614a098969ad13fabd6
255d07a01501adbee32dd3a414ddf624dfbc6a1adaa7fa27e049e22965d71269
ad7216db1667fa4d4d723f9ebaf863b6a68ebda265b42d8ad4f45bb49ef876b2
5b59018d2e762b290d46e2a6c42934812a7af6e4b4592eea7e1ebbed3a582d1d
52d81570332b7a4d437fa8853ea742444a327fc17dd5afa97cd5d5df53604d49
f9583fd88e3ccec6b45c00d5799b5a2aaf1cd374ea8af5edf19561787ddfca2d
b459b94f3332241a18e242a1b288ba1f7578c7853b2e2d3b941cc6d8daca9553
15d8ef1545e7abb85e6ﬀ644490157850039a20415203f8b5115c7398ed92143
e0fb9ad32f0306b285b5c274a13c48637dd523a37ede3eb7c9150351a3a76cec
5993e5aad6e841331c4e595623bd30b6f6c147e014124c29c1f080ec487cca8d
57053a0aaefaf07652678cf4e5130542ddc76c522d76b4cab9b668bc3cb47c33
b46a9968abe1d12141335d41bc8d573723b551eb48a5e14469e134bc5919f526
cf6416e7beﬀa462753029555abbc2654aba2ee924414c12be769b4c706e7567
36ce547286ebe2dca45e6c89f7880fb30f7f4e71c2b2b5674f059b48063fcf9d
eab3e8ad9473d1834beab98946e6ﬀdc9fa0256620b1e8b118f52a6518fba4f3
4b5c55c41987b15be6989011854ae7fedcb3aa9008b17b71d7f17ba1eb3be211
041a35113b4fe09add33e26cf0c4358d5f6cc43a63032fca4a078e1f433d2f23
ee491174790ccb31304750bda869cc27c3215df26b7edfbb4a0172236d87b04b
2b1f966302490f0d71bef16033fac247e2b19345ae2efd053a309ae851a62fb5
b43f273624b7cbe373cea8466f078896c32bcc81cbba01a302ec0101413b2bd8
deb2d4eb3080298e30d0e63d22237b7ab4490ef30d44fe3c42b1430690a04b4d
61f17746460fee9cc2574e51e119606bb4fb80abfc15e050263ed712d3b8903f
4a93010d93f878cc4fa19923bdcc5a3d142d18a425bbbbd2e0c47871e5c7d62e
d3a599afc2d9d25fcd790c2a5a512bd0a10df5c0523da341b73026e1bfce58e0
ec23873186856213da6f41f4b7dfd4fe1f3c539e2c84771f4d95c89e109bd9eb
10dccb933c67304adbd4aca3d9d04919c7801539c7bd701b8b3940bb02d3cbc9
e4a6b575232cac61b04e12737b0a16c58a7713980f366902fb46ad2b5bﬀ64b2
8b6a8ac696118c7e91da4f57dfa6fea916366a95005f840c9b9a4e2b3e591f42
b25f08c16f8f936e5d513261e4b767c1ebc3d00aae078eaf1708bcfe4962a276
479c3bd3a3a3d3ﬀd760c4eb82013e52fddbd969e0ea04c73f2cde4d3c620a64
7f66b1c5f30bd5cdf674d60841abd1c00a445b17c51fd4d02b1209f9b6e31247
7a6e89ea837aaa9eaf078b57781b6ab367e8cb988d21b32edec1a6314d54ac05
410c22e43f97b8efe946765365db34e3485af80c1b394121da95e0f2bb4302a7
325b79f22e1917b513bf90c436a8aa1606f6cb733f73e3c3f9d6c077deef1425
5131f07906cde97cc638d34c8879cfc9298761bd04a80fe94dc33cac86d16011
746c01bae1a410c505795f3d579ad7d12179de7d8d4392090fdc22ebb4b7454b
86480edcc886188aa29079e71165b2b91feeb9aa16787b324ec7cab650be928b
69165c9361b537120111371cb77cd2282c48889c5c57f6e5c8cd7948ee9e9f75
7d8a91edbbb1f38e78b97a8314076ef6c4061006afce4136e75a6e254b135c7a
30d4c0348b0cdﬀ63ba2ddc5b7891bf91da0a3907ac30241eb699fbfdd97e78c
47f6730bd6546b75cf0e9ed47defc5df68da9d089b8f2acd7723a85cc44f9405
7384e608a14203985f9a2392f70cd8822cac1fd2688ee3efd6e4ac55b5c9bf64
d7ad498b434ad59d2d940cf3ec59237afbc2051a52fe2dﬀda3e61c739d9b87d
2b07b9359a49744393487b7349cbcﬀ88dc018cd32e1bc92241f85682fb7c1c1
154548cebfd6cf327efeb6d17c14a05c000e00d341459b52ed12246f532319fc
c9faa1635ec5577b6f220f892d1e046955717c486f58a364dde98e916cb23548
aa94f950a4ec6529ﬀe4aac38553168655d4a6fa2b4ee174e0243518c6f15ed5
c8aea25f763e308877701a6488e6b0c0d089bd52cfbc351f693246a493a574c2
fa00bfbefef6820343b128e4b31d9509813ﬀba9835871876d7c5f8d18a3a102
24afc24b77671b4426c30c6ef58a77cd533945dfc2749e8e297a81d2b1d95f94
d1a1ed682b045fb85e37d051c5ae14ed38b4ccf85116178caf8a4157670aaﬀ1
7ceb6eade1df9035a327c93af4286bde58496486023123b26161bee65a5e237b
6e46ab33869bf745574e871b3f118e4c208ba39e0b4e5912a8704b5bd43d5825
fb6d3d338904bc824c91b981c147b3e287b69986ca080c1224bfd3e528533a77
117c9a20a49f6c28ac9c18d8eb4f5e8bb8c8a09e895e8a38549e15b0c38c4769
3193db7e33e1570a2776d80457d9fa20a33a30072690cddf9358bf314ce8da4d
4140bf6968c3a39274645130e37bf0cb1b550c08c9ed08990bac32b4ad33f172
dd20ea6713196abfe3e0d36679d71d39e5f469b2ecf28a1584f15f20746d9de3
0a9a5863863cad2d9a24c01e787278d656f307afdd8bf0e9bbe083e2425e0722
d17f98ba86ﬀ96b5dc84e5a4ﬀ800791c2a88d36f3ef8827e8ee089790080968
fc6e3b3f23619d290016e1aec48c18513a6dcﬀc771eb02ce2be729db86b0fcc
918b13d80deed3187481528af2a150796fd4b42fbe41b41aﬀ2f62589f3f5870
1d21abefd84cbc607015f06769fc9550337f5d200348ﬀ21fb5be183f90222b3
8efa4ef59e81806a5c34fee1ad6d6339feb01011a8748057782255b64df0cf5f
2593d2f65feead439497173c78a10d57b573269d0ca628c2fc5668d641a04684
1d0923f9bf58a357fdadf974b8088203e596ab4baa684de5013aadfc5e906b49
9ee80117345e20be3a482b3f680569cfd84f07c72958657906eacc0dd42cc611
a46bdcf1e4e5244023a54f12c91de56112e6ﬀc809ae31bf34e95e54a1cea851
0c085fadd8063fcddbf4d9f6be50af69b08b3bde7566f68749f88055c6331a1c
4c860b1af02834256edfa7db1126fb1490e3787c07a93508d174be7b1fe01175
c85142c57f14a2e45e3f600ceab36e1731a0dc4caed235d63447cb1d48d8a6f5
67082b36ca9dﬀcb48423dbf5c9bd41d94ec0156df01a15c6d87d16582ed7462
ef4794dacfce59b11e0b794892a0ba3606f083d3643df3f29120c61786dd18ea
f1d52cd34c0df61ﬀﬀ7039a95cf70434de8162e057ddce98e9568edae1eae62
4bc7fcda3035f4624c92c2f6b9ae1e4576b5f49e4e4475895de929ca436ddf20
8fc83960b4e8e25e17080a63dc1793d4db13d178706f9576395e20df5ce1e78d
c8386c0d1ecba6c9edd57338fb2d8219a1d1c1a6ded2d89b26567b452e3a9373
daaf4ed5bfe5c7b618a9db321e6117e1b1597c338ae0e055d070d32dbd608838
a61b9e265c59407a10fbbf3a0de2f592ee781b6e2419fc0ecfee2aeb1fd4ca24
65a3f90a6eeef600695a424e195a4b5076c114481c44641c9ebe56fb7db2ade0
9b5992a4468fbf78d54ac91af29a6718da0f36a453a8c8f4dbb62c04425bcf31
a5bbfb42a1051ba4ccfd73ccd2fef7dbcf15b32c5f12b120fbfb7641c0e46708
7bc2e7b91233c94115d3fb6cfaa3ad29d052ccdce70329ef6051da70b7674139
73946f631d76d8a59be2648cc71dacc99d7549f0ab44a9c94bfd4fe32cf77f5a
cf24f90f234002a190b14d2741b8de583076bc3502245f694c1ddd4efd4cbeac
eaeefb654a6ea0087cbac9574f61a7bb55f29f96d99d2c623044b8da5478f502
7b13d0149faf344e928cce62f24e90aed4913db98d25a6a96e4f802e0bf4e450
2f50cd8d3256c041ee1b803b9e229f81004835fb9b1b25787346ccdefc62b153
a30573011030c4e9f12ae4be142c4ab70d268fc132346c24a947d8ca698fae2d
98bafb19352075bb13bee3a2f4824868feb5b4db0776c3a7497013f5f6ea7dcf
7846d33f6ec352546235818871ecaf5ba70811d4ebfda4d4fbbb7b5305a67a36
cf07efb532838e6877e88c40f4e69d7f77800248e91af8a553663ca0bd3ae7ef
05e6c944a139a37a1a7abb5da5af5ddbb378a0949c3b9fbb1498d286623ef85a
395ﬀ5e5a0f149dd3eaf05f1330df70f4dfac14c60386642f25593292f109847
08db0d760bcb1ca22f24dde4b06ae8978c832b47e5c86f3e903219278f519933
21b1a6464178a651a748857f088473ae3154a83cf63540261ce84eb7fbf2a234
ab6af6765fb5c39f7823992f823c06ac725a2a540ce0122a58809d97731f4462
f466a75cb24e2c27c5bf7ef46f1cbc27bfd5d2f3a5055a0c41470b5495c9d74f
61e668f79ade08a08124508c860099c842f5f70ce6a7151a3df17e7b613135b3
7bc84737bab1f85a443ﬀ4b77650b1722d1906022556876c609aa943d983e526
97b69baede9bb0d3bc0bd5a21dd8a5eecd8448d0e2eb509a69ac2daf0a278f85
e963f86daba6d6f59946e0935da060eb2053d2fb26df619b4f8c966e3c25c934
2887117b19363d209f9d47ee5b3b9d33a9357d7584dabd1e0cef3a33b43500f2
303b59e0ce995e52d11c7243d8c6082f878436825b119adf47441b9adcd23b35
ee0f27a72967e8689b46f72bfe3295c63f036a27d3bcc6b3e07602340c70b3a9
2df02d68b0f08cab1f6c5855b34599a610a51bd1f9d1df746aa72ac461d551b8
f43aae4c32e36056c507374396380f975a84fcb216d9eee92330af65db4741f7
d64ee497aee7a9bb569130b1602d9485cae425eee3c5bcfd015d8f4034ed1452
c190aaf1e91952bd85e280c91827920205e3a9ca54d74ee5c0295f0a7ﬀb11b2
a7dbeb1f4d48b2229bf2ad62213bc452df3919b4da403f85c9642cd0c16a7835
90a57383b34251c2020e53eaa9eaad4d7bf37d7f62a3162657919027b6d12a07
1aec7136dc18c9dcf4c5feebba60484ee2dc6f44eacbe5d1f67c6cﬀ248b558e
287a10fc8cd08f3ee721cef7977127a13c5dd93f2c6051f227c4731500c1b442
a348275b844432ec598d76496c8fccd6a9aa488be707709a64bdf3d3b8acb231
0d31e3776e9a3b33ecec4f3eb1ebab1613dd5669e978f1db6d0430dc935a9f9e
db2c753948ﬀb71db865e84408435f9480fb9c631c9234be22c96a89db2c2c6b
e46a970bba107b5ba586db2eb133e2967cfc3e92f759042459d92eaea5de4e05
2730daa49dbc70069432dfb5c21d993860e13778be3922d10fec9b19f2d641b6
c064f6f047a4e39014a29c8c95526c3fe90d7bcea5ef0b8f21ea306c27713d1f
d6c53d9341dda1252ada3861898840be4d669abae2b983ab9bf5259b84de7525
aca0b96126c813b0d29d6fbﬀ9175f8ca62ﬀ2ec6eed83bﬀ76a73ae717cfcb8
8cd45f8c8f2ed0109db6a64f9945f3dcb8a780f65c76aedded7b8af95e6dc7ec
933210a9d19b25e0711ae88eece1ba06bb035a01ab2880cc707ﬀ55bdd3b8dd0
e564e87958b3e76bc9bfeb5bed773b7a17f3a82f84872acdbb609aa43a9cd776
8ee4dbbdcfbbe13669f0484b168d5d9fa7b3db7732b567c9ae507f3bdd39afd3
2fce4ed2d23e687482f1fd165932dd3b292173d4e4f5991bc9329384699fb00f
0a9b334682b8ﬀeafef0fa230f0821bf8e0e0193212de7e6c2c1e528008c237f
b24ec3bc9de1faa5a55c54835c2673e244e7b42e291f70cbdc2c23672abc7067
c5fe4b5d1803a096c1a4330512406595bb585846b4a691459de1a65b6b390409
ca1381e1e5a506e5fc69278c6989249c5571dc59df872af69bdd4720a3219e93
0b28b28ab38a34c86501ac7eac77464ac77ce36f0cbde16b818dc8723032cd6b
9cf10f8b2444eaa0c2fbbf199d5fe583923ed14cb92ddd5445b3e6ﬀcc86152a
c2464e1aa533ead8d2c2d27a388ae2617616cf17c2c4936b72991e33f0c2ccﬀ
04012bef09ae476e8505bf140a0d49a97c38e54f082ebcd0b9eabba6e4ef8deb
dbb88de4201933bdb099b21f91786be636b6e4486765f023abd3319300ed0006
c5aef7cf92dfe4d5be086d9dd75f960e54024499ca86d768460ddcdefe59b751
c7f2cb7fb3ce23e7144c1ﬀ6bﬀa3dc013d706be2d78ed7da3c07064c71aa08c
67db8a1398d4a54f1d1e4ee4e3f729e3f48b1d60380e478d61656fa2ad119df2
7da877e695e8793bc185b134468fe8f391bbc13d34b382c6f1bbd24dcd8c34fe
de26d1c03bdcbc3059de02cda9a24e75dea077a40c51d5ef7e908dca33818883
ﬀe577ed01255bf462c0257a2333e6a0c1cf3472c92171885fdad45ae958e56d
7cbc7453ac42556c52a88011cca5e634d86a3f5398e44c8d33b3c08f0ﬀde633
eb630954eca8187618ea8c81a6bc260ef45af95ae0e52306e7e9a14ce51885f1
e5c522e14a66c7ee82d5e68db74f8b44d1a8e43e4a674b17a8405b21a9845bb4
ca63965941add686c00e72a57c4af9c1d1861ecfe36639190efb56810d3cee57
5a58e0bb60630fcb25ac0c57df0558eca7376376ccb93513b1aa6e1119f49b26
9d6ca2955d070b2b32fe4b034c8f622f44ba9c2c5b703312b010ec469432a984
4b5fe7497864d07f78af15fa3e1aa3702b303b89f9644624871d83dd0f484749
43911f3a36ede4a5c71a82c27a49e68cab0d0a309d934fab07d9655b30978de5
007988b1ﬀdce1e161071f92a130b64650735a5eed6445806c2c967d0902c286
da8c0a6ac025e95d408e72e2656d4cad02d4a3b4027ecef9d97c1a12311f37b4
02df57cb16dd7c4b42e45fcc77638e460001f8cc53b7436d4e2f978f528b8e0b
658b2e2ﬀ815267582ca2e09c1ecd1ce18d10757e196999ae1a471221645ae6f
e42fbcc86cd6efa1594057d920aedc6deaeb02aa03df675a9c11434a436c464f
4c09f544d3d0775933d2e0be26e1d308dc302b231b01dd1ad1da95b460c24bc3
b13d138b8e2d9c9aefc787e6cf7bafc61826e1259ee8f512dbae58eb86db7b97
e40f4ece3574f58a121d4d69162c036d4f903354f77836e8ebd570db01defc87
4be2d7cc2d715d7e5b87eb21f0c984f4da961d63aec448c790800fc1f76f2b98
3e4d1839a2882f831e04ea51082df3e4422c2b1d12daa5a8a8de7b48b5419c47
60d2a00005ccfeb478a073ac485a66ebdf8498284f7bc59213251f77932f7306
da7acec9380c8479d1131fdcec33107ecfac90c51e6fab9cb1a2e24b3098a606
b2936d7135282236bbafd816a31892ca254d768ac69fda4d25f1ce69d4948919
eecbd23ceccd6e5e6b135419fd435a2b10cc12cc0b386a5a4ﬀ2f5dfe28fd5f3
97d8351aac1137187f38deeb4b3f7743c414600681126410501ace48aabfe532
50ab1dadecf027533a17ccd2f4c9fb571432285567c914fd81540b8fbd9203bc
5cbc42e68adfd11c7054674a027eae6594bf8f116568d1718976d3465e7675bd
f2a712b804c838abf68be44c14d58aab4aa7873c8812fd1f2a9cf0fb112bfc79
a9254c4357e684756f5556ab0ba0182e5fb41401080f83af927abd432d8bccf1
fe20054bc1bfe3feee965833b8af2f35acdd2d9a9f28a0ecf307494ac6e1b664
fe56fa9266ddd1f9a864eabac6174815fd5315e6978067a4592b8949ea321270
de4e50fa18bae7964ea77d1e015265e4c2232e5bc7d97d28e420c942ce65d6c0
92aadeb4fb086bc672e28de288ab684990d4efbd43cdd94380037e4990a14b3f
4bc87443c8b2440dbec1a1c5079b78f92e7758df236520787062a9a760c98459
add67e3a4531d237e3c2b581c4f3eab46209a611ee73fd16758c5fb2cbb842bb
435a6b2421306dc072505c728ac7ce8afe99e0285b14730055942eec6081c5ab
e81dadfcfc8a9b12b992f216b3ed3c04bd404e77e5b690d601a27c71a7a2967d
79c6969732ac6151aae2e67867a1feﬀ9e6740f9db08ce07187367379b0f5179
23e59d431f392d39e141291938bbc8afcfcc15d821db85bd4facc8b8249e4717
6810a249c8905564bc4b143d87ed539e922545a9bb7126ce9159ebcde9695aaf
32ed7f3e60bb4b8d927ec548d3c95d9d6327f5b376e77165b3867f29f9ba4558
72311ef28d4b489360c8db938dc45650f95733a8ed316f53a759b3928e8e73e9
45d7d7b1bcad2b5d70f67b8ef7e006df8d03eb0d5e8af12a7aed5a68f1c34a07
53b58eebbfc0d6db0898132d72f191368a78a8e34140f0e74a2c179f3cd07664
6c3d5ab1ecfc9aaedd1722893d88af445029a19d3a0c67050bbc89da9240c31f
d2f237743c9bf65873afa65a45f02c01fd91315e6d7406fec02dc50c3255ab9b
736ea4918754271584615622fca280fb272f613f83bdb2b867fe1131482b4c3d
94e829c84786c6a10a7552d591a08b577921d6d6b8942a48cac2a3cbdfef8107
e3c1d82108339e1e923bf13986593391b732f4b0dbfadb3612eed6a40123229f
366fa0bc8cd1ca93ae22e25734ab854a1188ad171c2b8bed0b8e910385f44911
1b49a23f6ce95e63d52e263d60ab9da05ad6a423b5aea69360479a0965889014
8ee40eb0e93a94fbac47c990a0944b4d40e408bfe77a447fcc18c50dcb430347
4aab275b3318ccc3432c065561a1911c7f7b9d3b5d7aa7ec1d8e5bﬀa6c7409f
e954f7f030aaa08ﬀa2fb7038614e59be392680fdaa0d0ce63ef5195d5d42b16
db2884a9012cf6e8ea5b3fabb0d02a9487eb412e75085b37188d5e8f4ada7ca9
6d291c12fdb7ded66cb67088bb2fc84a28b2f36f22a599cb9a03b41b02fe0540
d1a9e47c59b13160bf062ac7d2b2552655e0aef751c1d92258f591114e1a48bf
edd381859129f4e84666944ca9373fb5da4fa0da7c25445bb302bad2d9c1db62
012b97bac3f23e63bcf1399f49d559ecf7523bd9a8693f1c483f1f1db79b8c63
0d8a1610fbe90831d4aae127563c8b6d0f0fe85aae3cd7062013f74cf38be4f0
403857de4d8406fb162dd53e1bb5744a468b47d138a9555f836bebb3c728dd99
3b59549507e0e3cfb4a363a306bf6eb4d26995066df643e1fc8e4e11eaﬀa7f9
debe4cb5645f10e6b6383838c25f26781a61acb536d2246cdf8dc33bbc1a2414
a611528272b535dc4d6a0da1d82f45dcf03044cf719bd0faa9c38380200e0256
d5340fec2aa3a89fd1c59c4e0fc1ac6d555cee377d7815f9dﬀ8e17c3b9409e8
6eef1f43012358b7585a243d79a070b716a13d77dd51ad89d903539283519721
234ae126405324aae9d60bd011dc4ba0c462eb2e8f5608386f0d4b03a0b3e6b0
df4b3c1e20e0edd4c9cae6746e15651421cd53ecb386ba363712fa4d14ec4af1
22ab5ea685e0702b7d6d51cc882f42fb53c993c107004bc1f5ddc71cfa8cc2af
db7f0dab70e1da8ef7a6a6d938531f2a6773c0c5f925f19874fd3e764aa45833
e58827967cba544cc1db3d751095878115f4247982fb514bbd7b98bced8de6c0
3846fe442df0175461081dd63299144a233debbd2453deeeb405126042ef72d1
982cf7af71d0fe54cbdfac74fd2985c48a011e6ﬀﬀe65012ee4496bb669b321
cbc10db9d7609e548e550e79f45940125895374b9a97e133020d5585bfd183ed
2dbd942ac2f0b92d497fa6595f638cbddc24eab8beﬀb7cc648a91d65b45fa09
38c459e56997e759ca680f88aae4428d9c76e9fae323b4d2238adf203036007c
153c191ef4afd3eba9df89150ac728757efcba1293716c23f019e35270a388c4
95f5f2ecdce872f5b96739f548e4b73bb8b7a2c11c46cfddf3e20fd04abfc091
1cf5de71d51d2769079a8cb64e05f80e72e88846987602ad7302478c0d574caa
c9f42b866fc203b4cd9d09cfcb0f8fca41097548393c15adb0557652526d818a
ba332017cbf16842170788f5688e3b8a79c821ef1331e428d77af238c379be4f
b278b0e63acbbb92396da41bﬀb99b9ef09dﬀ1b1b838f69e29245c6731269f7
b6837f46124a360ﬀﬀ235824cc1decda2b97d6daf73e80f3615bce7781a86aa
12e3140656d7df63a1c444b0ebdae75039a18799e2ebd03a80eeb26ce5dbb66c
d3383c7ee9704b51b302d7e611214a78050fcc7ad0969682355894af58f63cdf
3eﬀ10af3f2afbcf59d5cf77f470abe3cfafbe48255e7f6ea56a22608e332824
ad87dcc617e9914e28f76d071b586ac2cca9454078f3141c17e0102c9e2eebaa
65f81148184a7ec71a43e9cd50e1267ab3fc64f3ef5f41f9da8bd74000baad30
f7cc1b8f93831f7170e5317b5b79aaa9ceb2bc6724f21bc4e2c6cccb71655624
d08e92af78cbf7049e8a9ca7b6ab61e8dc42729848e73b980b7cf5ac74d505af
1b0b9cfaa78fac0875d10d087b8354d52bﬀb1f576eec7d49acab9d3394ccd9a
d48f2cb5cc595f5cea29b7fd2bd8463fdfaf980c48792294ebb4c798516a7eae
5a739f018675094baf0b61ﬀ8462b1c946410f4776be877719cb20f9a9c16dfd
d53ace589ad1a39487f36dd3e516ac2a5af0aec521f28c5b78b3a47636cfb068
0778ef085fdebd39856ebfa4bf1203dcb7ee59fa4fc82a71a2ef3a949143c543
4ﬀe626708fa6a2d76366a962359658e0d919544260aa2179727964c34e12080
4dedf0b96b253b8fc15b007e4f61eb85d0345ef19f5a1fc6ea0772614375f606
f3c7d7c0e71d15dc03614964c887a2459bd0ae4a97a324018a97dﬀ27608e4b2
8b73b12aad16a58d07048a307a7a558755d0f5ca369dbee8b808a9d9c941a25d
a2ae329bf70c24e4380d6133a4c02127e09597111e4edfd7808aa471450d2332
001f52a0fa8d4abe34bﬀf6c96b423435c0ad3e06d40ece228fe2db3bc0d1067
b4b56db2ce95d52b018edee05f996a1b5ae11a289979e984157a0efb7bbbc9b9
617f1260e18929704c0ef45dae5eee7b9690b7a95f66e76ac00cf9dd2fca465b
c283c26a991fd3599e8fd91bf059c2dbb07d3d630caf699531c48737faedc325
447f249e60df0324f74a40a4b35f432b2e19f801ce2d4d6efa126a6841836b11
d7aeacb2b12cef81315a64670a27575d84ac1af4541000d0093fdb3676afc515
d200cbc2b28811bf4762d664a4b3f9f58f6b20af03981910dc2317751f91027d
b409ee2691e7b2d2598cd01ac28a0914d4778da8d8b7a62d2f78492b14790917
e95af1012346ab3edbb365f3463bd060bfa7f194b7c68c8e680dfbde43c57eb7
015e2b8de525789f551abb4af169ad914f218fb07df2496c6f23d51d6a711688

Remediation

Block the Threat Indicators at their respective controls.
Do not download ﬁles attached in emails unless very authentic and necessary.
Do not enable macros if a ﬁle is downloaded from the internet.
Keep all systems patched and up-to-dated.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – SeedWorm Malware Campaign – Threat Indicators

Rewterz Threat Advisory – CVE-2019-6465 – F5 Multiple Products Bind Security Bypass Vulnerability