March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – CVE-2021-25226 – Trend Micro ServerProtect for Linux
February 1, 2021
Rewterz Threat Alert – APT 32 Ocean Lotus – IOCs
February 1, 2021
Rewterz Threat Advisory – CVE-2021-25226 – Trend Micro ServerProtect for Linux
February 1, 2021
Rewterz Threat Alert – APT 32 Ocean Lotus – IOCs
February 1, 2021
Severity
High
Analysis Summary
NanoCore is a remote access tool (RAT). In most cases, this malware is distributed using spam email campaigns. Criminals send thousands of deceptive emails that contain malicious attachments. Once opened, these files immediately infect computers with malware such as NanoCore. The presence of this malware can result into data exfiltration, since the malware distributor gains remote access to the infected system. The malware is also capable of disabling some tools, stealing credentials and sensitive information.
Impact
- Credential Theft
- Unauthorized Access
- Theft of Sensitive Information
Indicators of Compromise
URL
- https[:]//cdn[.]discordapp[.]com/attachments/795419484378628191/795419502606155786/Antimalware_Service_Executable[.]exe
- http[:]//newhost[.]zapto[.]org/new[.]exe
- http[:]//nop[.]myq-see[.]com/win/Vbb[.]exe
- http[:]//michaelcardillo[.]com/soundmind/fonts[.]exe
- http[:]//balgruh[.]com/images/inside/winsconfig[.]exe
- http[:]//michaelcardillo[.]com/images[.]exe
- https[:]//vieswablesgrowesr[.]com/upload/YOUNGPUTTY2[.]exe
- http[:]//gyeuiojndhbvmaoiwnnchauwo28vnj8mjmvnwhk[.]ydns[.]eu/VKN[.]exe
- http[:]//gyeuiojndhbvmaoiwnnchauwo28vnj8mjmvnwhk[.]ydns[.]eu/ABW[.]exe
- http[:]//dannexgh[.]com/zz[.]exe
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.