March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – WannaCry Ransomware – Active IOCs

May 18, 2022

Rewterz Threat Alert – A PowerShell RAT Targeting German Users – Russian-Ukrainian Cyber Warfare – Active IOCs

May 18, 2022

Rewterz Threat Alert – RedLine Stealer – Active IOCs

May 18, 2022

Severity

High

Analysis Summary

Redline is an info stealer malware that steals information from web browsers and has the ability to corrupt operating systems by installing harmful software. It steals user information from browsers, instant messaging applications, and file transfer protocol clients. According to the Proofpoint analysis, the malware first appeared in March 2020. Redline expanded throughout several nations during the COVID-19 epidemic and is still active today. Passwords, credit card information, cookies, usernames, locations, autofill data, and even hardware configuration such as keyboard layout, UAC settings can be stolen by RedLine. RedLine is also capable of stealing cryptocurrency. This malware is a live campaign that is aimed at a variety of Asian organizations.

Impact

Data Exfiltration
Credential Theft
Information Theft
Financial Loss

Indicators of Compromise

MD5

9bd097703d199a56adca3324efcc5f78
b7c61366d5396aea88f7466e6075312c
04ad741f5b26ac8ed21dace5f3b622a8
cb4f5b131158c205eaba40892f9d23ab
a3f612973f091ab836c1aac0fd420d26
1722faa45c877591729b0cf7763f1696
404c741adacd6b05edf8e050d067d64f
c66c7b69f97756c822d96f391efc0071

SHA-256

13b380c9a5538e2d28651aaaf00650d097d1f51042c48a4e149b43dc775a962a
0894c766c72290465fa4d099ac313bb02848562095725af85dcd1b852e5ddd74
db6abb31425efa72744c822f954c81ed0a2437ff82d929b4e8d842cf57c48a19
eb0db3cef92b2c3e69831542b3f7fff1f14c74e580a720a80db5ec5119bff530
6ccc8edcce52e621484208387d0e71da165f1578f0db95b51b8b31fb8c19cc05
04a86becf9648432d6e1bc0446567f1c6962e767c0e0738802e2a3c2520dfabc
f3808929b838576e03eddd233112f837b058fa6d77c7d01cba4d0411139173f4
74dbb920497b47d6ad0e96b5375723d9bc9534ace5f2260a2d2aaf0411e8894a

SHA-1

a05c689e0e80513b32a61eaf3d88edada07b7005
cca304653a0c24b31cced1dbfaa1b8793dafeb24v
e28b1bcd7eb0feda7ae0b1927d579cf1ac2ce7d3
c9d3a2fdc5cec6aab8da4602c1699f43d2023393
0633fc38d5b0a365429a6584da1ba45fd760f8b5
47ee676c5a8fc77249beac8dac89919c9fa300c4
77e6cfeca72fc33614b4107724f512075529861b
4acf8174189b0a7459eba90da5abd76cf146ed4d

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – WannaCry Ransomware – Active IOCs

Rewterz Threat Alert – A PowerShell RAT Targeting German Users – Russian-Ukrainian Cyber Warfare – Active IOCs