March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – Gh0st RAT – Active IOCs

January 4, 2023

Rewterz Threat Alert – CrySIS aka Dharma Ransomware – Active IOCs

January 4, 2023

Rewterz Threat Alert – Mirai Botnet aka Katana – Active IOCs

January 4, 2023

Severity

High

Analysis Summary

Mirai is one of the first major botnets to target linux based vulnerable networking devices. It was discovered in August 2016 and its name means “future” in Japanese. It targets a broad range of networked embedded devices, including IP cameras, home routers, and other IoT devices.

Mirai botnet exploits security flaws in IoT devices and has the ability to turn millions of IoT devices into botnets and conduct attacks.

Previously a new Mirai variant was observed making the rounds called mirai_pteamirai. The botnet exploits a vulnerability in KGUARD DVR to spread within an environment. The vulnerability exists in the 2016 firmware version and is fixed in any version after the 2017 release. This botnet is active and used to cause DDoS conditions.

Impact

Server Outage
Data Loss
Website Downtime

Indicators of Compromise

MD5

ca89fa1c9855ea0969cac1a89ca805ea
33d63c994e072feccb4305c6effbf519
7eb4b6d50cfbad435c652e34ec9bc98f
a701d948eb1ef9aa8f4bc92ff07d9596
b04be6a2f6c10b4318dcbf34db4d180e
43985c636176150ba72346cbf6e69242
120849cc6925f8cdaeaeda09e076acf3
96c9bb88d1a94be14735a840a568bea1

SHA-256

0cd894bcd43a86d479bc103634fa2d957b700ede1b2afe4e94ebbfa01322e920
a9d5202522d833aea00f3fb1a3e4de6dd7c4f0e34ff10e209860d3ff3dcb7902
94c9dfa4fb33b053723918d1d801947bc4ba5b0f0d57e843c5d50fb12d1d5bb4
3d4327c5ad9bb00f2d933c1d0bf4ff0475cbf00042e15b618c520d4ad4c140d6
717693923e4377d0a7daabaddbb240a65cae3026b6b72d302ec702cef7142a09
461b9a1907ab8665e9d20ab9f015c289b9a654aacb2b34ece2aa08aa65e63d55
d27617eef2a0bc02a52746c8d5d3ecbf4d8f72f002d1ba9cb01e410cf4d40b64
ee9ffb8ce499a56ac269440d864ae2722dc424fb0c771ec98817dffee24ca2ac

SHA-1

d2549e6c54f8130cb01dc7d759f14b39d5020ad6
314e7dc77c027bd508d2dfb0d9d0e5cfda8ca8ae
05ca055bc2c2d6724516e58f9340ed032878a571
bf0dd39e0049f25bccaf31cf4cfcd22f6c848e8b
25fba33b6ef6c630fac99124ba85698b07d5686a
7026247aea2641cbea6619d4651198a7c2f9fb8b
fced6c81aedaaf728de6e42667670935e5902a4a
05f1c89b21b1107ea107e1c25da725370bb276e6

Remediation

Upgrade your operating system.
Don’t open files and links from unknown sources.
Install and run anti-virus scans

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Gh0st RAT – Active IOCs

Rewterz Threat Alert – CrySIS aka Dharma Ransomware – Active IOCs