Rewterz Threat Alert – Donot APT Group – Active IOCs
July 23, 2023Rewterz Threat Advisory – CVE-2023-38173 – Microsoft Edge for Android Vulnerability
July 24, 2023Rewterz Threat Alert – Donot APT Group – Active IOCs
July 23, 2023Rewterz Threat Advisory – CVE-2023-38173 – Microsoft Edge for Android Vulnerability
July 24, 2023Severity
Medium
Analysis Summary
Smoke Loader – a malicious bot application – can be used to load additional malware. Smoke Loader has been spotted in the wild since 2011, carrying a variety of payloads. This malware is mostly used to load additional malicious software, which is often obtained from a third-party source. Smoke Loader can load its modules allowing it to do several activities without the use of additional components. To date, the supplier of Smokeloader, who goes by the alias SmokeLdr, is still active in delivering this malware as a service. It is well-known for using deception and self-defense. This malware can be spread in several ways and is widely linked to criminal activity. To hide its C2 activity, this malware sends queries to popular websites like microsoft.com, bing.com, adobe.com, and others.
Impact
- Information theft
- Unauthorized Access
Indicators of Compromise
Domain Name
- www.tobimar.ro
MD5
- faaf2b2088116b215ba632a919054724
- 42f08f682c42869cde79859051d37064
- c1f03c66aede737ccad5d77c771f5b58
SHA-256
- 890959904a520f2d99b2aee5763fec2a5cd0e490657aeed9e0a7a9ae60dde517
- ccf57eff80d10c7a3d6236802e91d4f60fbe68a8cca21d670ffdb7c6c6cb897b
- 09c79bddc137abf4462c4fb5b4502d5e25a9e571b3545339446dfe0613c6631a
SHA-1
- aa8d25713a32e0e3033997ea13213eef96b1a9b3
- 22ee2cdcf92bb14be5e243e38a72f81cb7437f71
- 3cb57d6d1d60db3fa5fdc1407e11080c98d186b5
Remediation
- Exercise caution when receiving messages from unknown senders.
- Block all threat indicators at your respective controls.
- Keep your software updated to the latest patches.
- Search for IOCs in your environment.