March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Advisory – Multiple Zyxel NAS326 and NAS542 Vulnerabilities

December 4, 2023

Rewterz Threat Advisory – Multiple Dell BIOS Vulnerabilities

December 4, 2023

Rewterz Threat Alert – SmokeLoader Malware – Active IOCs

December 4, 2023

Severity

High

Analysis Summary

Smoke Loader – a malicious bot application – can be used to load additional malware. Smoke Loader has been spotted in the wild since 2011, carrying a variety of payloads. This malware is mostly used to load additional malicious software, which is often obtained from a third-party source. Smoke Loader can load its modules allowing it to do several activities without the use of additional components. To date, the supplier of Smokeloader, who goes by the alias SmokeLdr, is still active in delivering this malware as a service. It is well-known for using deception and self-defense. This malware can be spread in several ways and is widely linked to criminal activity. To hide its C2 activity, this malware sends queries to popular websites like microsoft.com, bing.com, adobe.com, and others.

Impact

Information Theft
Unauthorized Access

Indicators of Compromise

MD5

6fcfd70766035eefea595e391c320d26
a3120202605b132dbb855fa72cbea3bf
7226bff3f8e4affd9a7af9dd5a46d9a6
752bb6e39f05c8696589218edb430d3c
432a7a6b4b723e5d88eae3fe158c6ae6
9705b269886bfc7a262c12486f5e6802
fcad8d562572cc12c138fbfe504d8ce6
72f0be04d85e8eb1898436deb07a3628

SHA-256

589c6d6319bbeb8d36b11c18489a867e121ec97c52c5079ad8af942ecd644884
d7a281841aaec8f4f7bd954586d70dd071089cd433907cf1fe636f642a946684
bde18d5d45d018ce500df92e15c82accfa05dffe6864c6bdc0f7e3eb4b1777c9
e9625894666e2f9b89483d524e37401a2dabffbd5fc10378aa4dbf2f124ecba8
4272d50d759608b77e9240a433fc1a4bbf149e8f4cb05d6f89fb53fd73446a48
ed51744a40d59eb9079f26bbb57ddc76bf4b9d60ee1d575adf731b2571559ceb
9dd51832d407505efae9b587b98c151a6aaa4edc698aa40ff2f268adc47b0fa8
2dd2b9077c3a54871007f04de5e91f3f6d12fca99afc77ced44da7aa3268ba26

SHA-1

2a7ebd12a5dff21fefca97c3680eb4ba6eb6675b
a6e3728565ef6b96f84ad172f77c5f43efa18cb6
aacf8f26deff62c9bc91e863076af21555d38137
5cd442db1d14c95c56db8d0250fb464ee006248c
a93140d92b0cfafc09cb5eee77399aa693b2de3f
a9cb5931ddcc0cf8e5b886270bffdd14472e5248
368b555e8eb584f9f16f13db9b62a54a390728d3
9c4f3297fbedecf3f71dfae2489e5a8aad9b5f07

Remediation

Exercise caution when receiving messages from unknown senders.
Block all threat indicators at your respective controls.
Keep your software updated to the latest patches.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – Multiple Zyxel NAS326 and NAS542 Vulnerabilities

Rewterz Threat Advisory – Multiple Dell BIOS Vulnerabilities