March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – CVE-2022-4135 – Google Chrome Vulnerability
November 28, 2022
Rewterz Threat Alert – APT38 Hidden Cobra aka Lazarus – Active IOCs
November 28, 2022
Rewterz Threat Advisory – CVE-2022-4135 – Google Chrome Vulnerability
November 28, 2022
Rewterz Threat Alert – APT38 Hidden Cobra aka Lazarus – Active IOCs
November 28, 2022
Severity
High
Analysis Summary
Meterpreter – a trojan-type program – enables attackers to take control of affected machines remotely. This malware injects itself into compromised processes rather than creating new ones. Meterpreter can be utilize to send and receive files, launch executable files, perform command shell operations, capture screenshots, and record keystrokes. The main objective of its distribution is either to generate revenue or infect devices with additional malware. Infected email attachments, malicious online advertisements, and social engineering are some of its distribution methods. Threat actors can infect victims’ systems with more malware, such as ransomware, by sending, receiving, and executing files using Meterpreter. Ransomware encrypts data, making it impossible for victims to use or access it unless they acquire decryption tools from the program’s creators. Identity theft, banking information, and password theft are the main impact of this trojan.
Impact
- Information Theft
- File Encryption
Indicators of Compromise
MD5
031660ab6f05dc07892ef33a4f3dd6a8
7e3ff55ead26936e35f45873f260333d
SHA-256
f450418e1b3a604d4466c07704a3f2c3bc76ceadc96aeb2703e7c3059fd14dd3
e9e11200246d1b8300a8356b8068016bcb2bb66c409467e0939e1b934eb83499
SHA-1
f7135ea37325e5c60cba3e24e7e694663276216c
2b1dfd346c5cc473e32f6c8430cd17f7cede372e
Remediation
- Search for IOCs in your environment.
- Block all threat indicators at your respective controls.