March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – Remcos RAT – Active IOCs

January 28, 2022

Rewterz Threat Alert – RedLine Stealer – Active IOCs

January 28, 2022

Rewterz Threat Alert – SNAKE Ransomware – Active IOCs

January 28, 2022

Severity

High

Analysis Summary

SNAKE ransomware is targeting networks and aiming to encrypt all of the devices connected to them. The ransomware contains a level of routine obfuscation not previously and typically seen coupled with the targeted approach. When started Snake will remove the computer’s Shadow Volume Copies and then kill numerous processes related to SCADA systems, virtual machines, industrial control systems, remote management tools, network management software, and more. It then proceeds to encrypt the files on the device, while skipping any that are located in Windows system folders and various system files. When encrypting a file it will append a ransom 5 character string to the files extension. For example, a file named 1.doc will be encrypted and renamed like 1.docqkWbv.F

Impact

File Encryption

Indicators of Compromise

MD5

06b9c199c12f895f0898335ec896d13c
2c42a41ea476a5e3fb8da7de62ebee96
effb66c9d8705895ec697afb69ef041a
cb36888d1146cc2e84d4db2c31ef0f42
5c6868922ff40b7bcb766464ea63bbaf
f317026a30b251e8d87e56358fbf3e5a
ee0bbaeaae909f736129b0d1859b8790
73abf311073917bb11943c1e12820f26

SHA-256

7cb8debe9e20dc9b230d51b2c31a568f04c2ad58fc67e9292009decf7bc125f3
cc522d59efa125b1b31baef352cfd112a5bccfebe56faf38a726f3295b66018a
a5aa94475a74fe3e23364858f4b40c1c96c236ae284fda36d6fad080c2ed7123
cb906fb32a15bc423cad0cccd0e2ff0be9c6ab0595dfc15178d1010efed90845
8cf550788d99f53483977101d6c7097074ab42555c78a23e9b8e0e7e2ccd85a5
b589bf0679e981fdfbbfe6d42c1aa90692ab5dfc191286c6258bd515e7dbc09e
b35e41ed05467b959291a0c9353debc6251243f10bb0f25813c2d0e9056632b7
4e5c21b71e29adc8bd804e959424bb35ccffcc752489c13b45a452d1dbc61181

SHA-1

0ecd09b63eb61381b39fdde1646a334e6a06ce09
8872de7b7f896ad5c2e8e49f8687b66ea9c3e5b2
82a049debfd8f25f33fffcc238ef14294bec4fb4
63a119dfd3aec259346357a692b96d8b5d42ce16
18e6532d69983d1d170155c101ac328aeebd12e1
9ed3f7fe8419f9dddda176aa441e49a7ee127ca5
75668afe30e9273ead4ae95fc46f2c6fd3a338cb
4f1dab1bae8c3182ff7c96e980df4dc62bcce71c

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Remcos RAT – Active IOCs

Rewterz Threat Alert – RedLine Stealer – Active IOCs