July 21, 2021
Severity
Medium
Analysis Summary
Researchers have identified a new malware family while investigating processes that add local exclusions in Windows Defender for specific file names. MosaicLoader appears to be delivered through paid ads in search results that target users looking for cracked software, luring them into infecting their own devices. Once planted on the system, the malware creates a complex chain of processes and tries to download a variety of further threats, ranging from simple cookie stealers and crypto-currency miners to fully-fledged backdoors such as Glupteba.
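The behaviour that led researchers to this family, a process adding local Windows Defender exclusions, is itself a useful detection signal. The following is an added example (not Rewterz's code) that triages Windows Defender Operational log records: it picks out event 5007 ("configuration has changed") messages whose new value lands under the Defender Exclusions registry key, and marks an exclusion as suspicious when it points at a user-writable location such as AppData or Temp, which is where a dropper fetched from a cracked-software lure would normally live. The sample records are constructed, and the exact wording of the 5007 message text is an assumption; only the registry key structure is relied on.

```python
"""Flag Windows Defender exclusion changes that point at user-writable paths.

Added example, not part of the Rewterz advisory. The records below are
constructed to resemble Windows Defender Operational log event 5007 messages;
the precise message wording is an assumption.
"""
import re
from dataclasses import dataclass

# Defender persists path / extension / process exclusions under this key.
EXCLUSION_KEY_RE = re.compile(
    r"HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\"
    r"(?P<kind>Paths|Extensions|Processes)\\(?P<value>[^=]+?)\s*=\s*0x0",
    re.IGNORECASE,
)

# Locations an unprivileged user can write to. An exclusion for a binary
# dropped here is the pattern the advisory describes.
USER_WRITABLE_RE = re.compile(
    r"^[A-Z]:\\(Users\\[^\\]+\\(AppData|Downloads|Desktop)"
    r"|Windows\\Temp|Temp|ProgramData)\\",
    re.IGNORECASE,
)


@dataclass
class Finding:
    record_id: int
    kind: str        # Paths, Extensions or Processes
    value: str       # the excluded path / extension / process
    suspicious: bool


def parse_exclusion(message: str):
    """Return (kind, value) if the message records a new exclusion, else None."""
    m = EXCLUSION_KEY_RE.search(message)
    if not m:
        return None
    return m.group("kind"), m.group("value").strip()


def triage(records):
    """records: iterable of (record_id, event_id, message) tuples.

    Returns one Finding per 5007 event that added a Defender exclusion."""
    findings = []
    for record_id, event_id, message in records:
        if event_id != 5007:
            continue
        parsed = parse_exclusion(message)
        if parsed is None:
            continue
        kind, value = parsed
        suspicious = kind in ("Paths", "Processes") and bool(USER_WRITABLE_RE.match(value))
        findings.append(Finding(record_id, kind, value, suspicious))
    return findings


# Constructed sample events (not real telemetry). Record 1 mimics a dropper
# excluding itself from a user temp directory; record 2 is a vendor install
# under Program Files; records 3 and 4 are unrelated Defender events.
SAMPLE_RECORDS = [
    (1, 5007, "Microsoft Defender Antivirus Configuration has changed. Old value: "
              "New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\"
              "C:\\Users\\alice\\AppData\\Local\\Temp\\dropper.exe = 0x0"),
    (2, 5007, "Microsoft Defender Antivirus Configuration has changed. Old value: "
              "New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\"
              "C:\\Program Files\\Vendor\\app.exe = 0x0"),
    (3, 1116, "Microsoft Defender Antivirus has detected malware or other potentially unwanted software."),
    (4, 5007, "Microsoft Defender Antivirus Configuration has changed. Old value: "
              "New value: HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection\\"
              "DisableRealtimeMonitoring = 0x0"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_RECORDS):
        flag = "SUSPICIOUS" if f.suspicious else "review"
        print(f"record {f.record_id}: {f.kind} exclusion {f.value!r} [{flag}]")
```

Record 4 is deliberately not reported: changes to real-time protection settings are worth their own rule, but they are not exclusions, and keeping the two apart stops the exclusion rule from drowning in unrelated configuration noise. In a live deployment the same logic can be driven from Sysmon registry-set events on the Exclusions key instead of the 5007 message text, which avoids the dependence on localized message wording.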
Impact
- Session hijacking
- Cookie theft
- Crypto-currency mining
Indicators of Compromise
MD5
- d724066d7c19b29b2bdb7468a9027f1b
- 953ebbee1cc0fe28595ef92277ee1824
- d9ecaa2b2ac1902805ca96b7f6803028
- 62828deec03544193a8b7af50b587c64
- 51ef12de306029e18ad25802b0acfbb2
- dd2d93e538f05295700a371976b057c9
- f3481078c22a26ecd6ab9f653e6be075
- 09ca3264faa0092b6704bf77e72fa5df
- 91f545054d5188d0a61e9aa39f38f02d
- d7a8d70022085464f05888ef6575d8ec
- bda968ba8dc4a7351f1af40549e87713
- fe5d1d2a2a9a4b61d237546d5896599e
- 90070741e9c025f841f47f0c3adee3d2
- cd6e4a9e65bd9e1e3aae77400161ead0
- 74f40695d6e8b7554652a2ccab0e24e4
- c2595f372f0c55e3add27b1987ab7273
- bb31f608469d58ccd816033dc5740942
- f08910c2927c583531dd1da85d3644b4
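The advisory publishes only MD5 hashes, so the practical use of this list on an endpoint is a file-hash sweep. The following added example (not Rewterz's code) walks a directory tree, hashes every regular file in chunks so large files do not have to fit in memory, and reports any file whose MD5 is in the set above. The hash set is copied verbatim from the advisory; the directory to sweep is a command-line argument and defaults to the current directory.

```python
"""Sweep a directory tree for files whose MD5 matches the MosaicLoader IoC list.

Added example, not part of the Rewterz advisory. MD5 is used only because it
is the hash type the advisory publishes; the set below is copied from it.
"""
import hashlib
import os
import sys
from pathlib import Path

MOSAICLOADER_MD5 = {
    "d724066d7c19b29b2bdb7468a9027f1b",
    "953ebbee1cc0fe28595ef92277ee1824",
    "d9ecaa2b2ac1902805ca96b7f6803028",
    "62828deec03544193a8b7af50b587c64",
    "51ef12de306029e18ad25802b0acfbb2",
    "dd2d93e538f05295700a371976b057c9",
    "f3481078c22a26ecd6ab9f653e6be075",
    "09ca3264faa0092b6704bf77e72fa5df",
    "91f545054d5188d0a61e9aa39f38f02d",
    "d7a8d70022085464f05888ef6575d8ec",
    "bda968ba8dc4a7351f1af40549e87713",
    "fe5d1d2a2a9a4b61d237546d5896599e",
    "90070741e9c025f841f47f0c3adee3d2",
    "cd6e4a9e65bd9e1e3aae77400161ead0",
    "74f40695d6e8b7554652a2ccab0e24e4",
    "c2595f372f0c55e3add27b1987ab7273",
    "bb31f608469d58ccd816033dc5740942",
    "f08910c2927c583531dd1da85d3644b4",
}


def md5_of_file(path, chunk_size=1 << 20):
    """Hex MD5 of a file, read in 1 MiB chunks so large files stay cheap."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(root, iocs=MOSAICLOADER_MD5):
    """Return {path: md5} for every regular file under root whose MD5 is in iocs."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if not p.is_file():          # skip symlinks to directories, devices, etc.
                continue
            try:
                digest = md5_of_file(p)
            except OSError:
                continue                 # locked or unreadable file: skip, don't abort the sweep
            if digest in iocs:
                hits[str(p)] = digest
    return hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    matches = sweep(root)
    for path, digest in sorted(matches.items()):
        print(f"{digest}  {path}")
    print(f"{len(matches)} matching file(s) under {root}")
```

A hash sweep only catches byte-identical copies of the samples that were analysed; repacked or trimmed variants will not match, which is why it belongs alongside behavioural signals such as the Defender exclusion changes described in the analysis summary rather than as the sole check.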
Remediation
- Do not download and install applications from untrusted websites.
- Always download software and applications from legitimate sources.
- Keep your software updated with the latest available patches.