March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – ServHelper Backdoor – Active IOCs

December 6, 2021

Rewterz Threat Alert – Dark Crystal RAT – Active IOCs

December 6, 2021

Rewterz Threat Alert – RedLine Stealer – Active IOCs

December 6, 2021

Severity

High

Analysis Summary

Redline malware aka Redline stealer steals users’ confidential information from web browsers and by installing malicious software this redline stealer can harm the operating systems. The malware appeared in March 2020 according to the Proofpoint investigation. During the COVID-19 pandemic, redline spread across many countries and it is still active to achieve its purpose by stealing passwords, credit card information, username, location, autofill data, cookies, software set, and even hardware configuration like keyboard layout, UAC settings, etc. This is an active campaign and is targeting different organizations in the Asian region.

Impact

Credential Theft
Exposure of Sensitive Data
Unauthorized Access

Indicators of Compromise

MD5

b4fc7a117427e951a3dde8906fb6291f
723a41f7ab3e9c3561fca83e1f4f3c7f
20ae37b4698990c699a5f3cd54ada1eb
b83986f5ac860d00413c041db29d8e9a
78a9280339465b37b53c7fd81025aed2
a9d4e3c3a57b587839b90cce5bb85487
3ad87fbcb98cc43b59cbbe063ea69a20
536402c78ae939942240010ef666f603

SHA-256

46f64c1974b7fe11effde5e9f98c47a5bba0a71c2274e5db436a6a2b7ffcedb8
c62d71d8d8394949fe7d834f4026833b06dfb6b3c06c54fd1014e1fc13428726
ee3e7d2742d255dff6fd48dad7a579290559f3c014ddc0bed1781a4a89c6d5a8
ba14d67497a2eb70d97059d6ab756de7d1e5502b6a2325998541fa80397c071d
7879a27cfe4ba0135019ca0a07de6fa50f7e2932df1f0c79aae4dbe9f5e0b7d6
7e632c47fe024990968940d26b0eadfd7e4592595b30fd8387aa125f41a58683
3019bf7aad3f4838d64c6a648b24ea0e6f8a652ba2993e5b5b2b4e9527b0968d
a3354e6c95d35e6953a647cd7de0d22b7a71f46585701843e50e5e5403d05380

SHA-1

1c427229d39ebf1b9357e6dc2260f6e7f2092680
d77d5594259a78fea484c1d482dd62f97fc376cd
3ad78f0ac5c3e1e392f781c09d5c88d3718fcbe5
9f6430d70cc84222bf8e3d7b8e1500b2de36b913
70a609b41c86c5ca6ee41e615c20f8492079210e
4acf6eddabb90058624fe850b5dc8e36e86e98f0
7bf23b06e609bdf213e56b1ee820eb5d326f9d87
d87831584a26993c80063be6188ec2f8a36ff39b

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.
Always be suspicious about emails sent by unknown senders.
Never click on links sent by unknown senders.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – ServHelper Backdoor – Active IOCs

Rewterz Threat Alert – Dark Crystal RAT – Active IOCs