March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

March 17, 2022

Rewterz Threat Alert – BlackCat Ransomware – Active IOCs

March 17, 2022

Rewterz Threat Alert – SmokeLoader Malware – Active IOCs

March 17, 2022

Severity

Medium

Analysis Summary

Smoke Loader – a malicious bot application – can be used to load additional malware. Smoke Loader has been spotted in the wild since 2011, carrying a variety of payloads. This malware is mostly used to load additional malicious software, which is often obtained from a third-party source. Smoke Loader can load its modules allowing it to do several activities without the use of additional components. To date, the supplier of Smokeloader, who goes by the alias SmokeLdr, is still active in delivering this malware as a service. It is well-known for using deception and self-defense. This malware can be spread in several ways and is widely linked to criminal activity. To hide its C2 activity, this malware sends queries to popular websites like microsoft.com, bing.com, adobe.com, and others.

Impact

Information Theft
Exposure of Sensitive Data

Indicators of Compromise

MD5

4851c118343c2fa5c23cba514cfbd8f8
55694841ce219e189883689911ee9291
02f3be868ce7ffe8d819d29f44f60736
6c0a00bf0745accd27441b4c0ac56876
32dbf4b4aac2311a064861deddd6a0f8
dd3c57e2520a47d634e5faac52782fda

SHA-256

003a9345eea8af5e99426106b22530b441c196f455ce7433e00c920ad5077245
0063b80315ee40172ad671a0ffc408f27fe56d716749cc996b271601fd0a2a2c
00581e2fa186e5b6f044427945709e2439aad5782b8718c73cd5587d2a65359e
022e85b0301517e90423006b4ea98ace33f914820228f0e5f2fab9d66219ac98
029f53d119346132e70fc03c166de496850e0fcf619bd4bb15d822b862709855
03b887397102e717de5ef8a0d4d0374bdf5347a85dddc8c829714770142b8fdf

SHA-1

0f1e454a0413bed69a28bceb8053a2ce2f9b4e51
4b42db8af96b19c890fb47d494983da9dbff6090
6696b063a9fde1a455299f205a13bb7fc595ac8c
b7ee5551b39dd9d00fc330fce68993fd84ee5d64
d8b634aadab1bc9264f38e8ad8231bb5fb56f356
73af831aa23f72d82fe80e84b0c4411e6a9dccb6

Remediation

Exercise caution when receiving messages from unknown senders.
Block all threat indicators at your respective controls.
Keep your software updated to the latest patches.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

Rewterz Threat Alert – BlackCat Ransomware – Active IOCs