March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Advisory – ICS: Multiple Siemens SCALANCE Vulnerabilities

December 19, 2022

Rewterz Threat Alert – Conti Ransomware – Active IOCs

December 20, 2022

Rewterz Threat Alert – Trickbot malware – Active IOCs

December 19, 2022

Severity

Medium

Analysis Summary

TrickBot is a banking Trojan that targets sensitive information and acts as a dropper for other malware. Trickbot is usually spread via malicious malspam campaigns. These campaigns send unsolicited emails that direct users to download malware from malicious websites or trick the user into opening malware through an attachment. TrickBot is also dropped as a secondary payload by other malware. The malspam campaigns that use Trickbot use branding familiar to the recipient, such as invoices from accounting and financial firms. The emails typically include an attachment, such as a Microsoft Word or Excel document. The opened attachment will prompt the user to enable macros, which executes a VBScript to run a PowerShell script to download the malware.

Impact

Credential Theft
Financial loss
Exposure of sensitive data

Indicators of Compromise

MD5

dce147a0dbdb508497d972fb4f460b7b
760c6aae89086f07ad0073ec76517837
65b862293b5eb797a7fdfc1ee53e39da
4c2350df9ba118614deafe2d8d12c712
3f2e10a192d120298e213d5029608b78
18ea9ba929a80ab1b833b451128f08c5
843aeffe6e3ed4bcabd34ad90d8e7bdb

SHA-256

3c28aefa7ee31683c0e7f6e0ae23fde845cb809956c8ce81c4d8698450b990cd
53551b760082fc79c2ee25988fec75be8730ee954c41989c5f02c440b2223ffd
7c608442aa99a687a1167ce5de338007c24845666ebe8304b6265127b0a53564
3abcd53274a66ce3da2260435e55eb2d8058ad76d3226c9521186633caa56982
8d8f697486ed995dd62693ba968927e283601798a3daacde4b981480347e2220
73ed4e537839d115c50a1dd13615f70db04013c9a7049ed04fae7694191d711e
477c4d670451c426c04e38e35e09b6fc21d49e076f88300949772bbf68552b2a

SHA-1

2b799f5be2fcb57f0b7cb501260cb6821f7f74d4
11ad8f4502c77378ae14be28c162f7b62840d7c8
885094619d264a625d8160bcab9515427a4ede2b
f15cdd99e0888aca8bbbcb03f259461b92543c51
6b50dd968d6ebd7fe358ecaead3a999022952057
a2e1537d03e956188e4d2b7bc9eabc29d2a81322
819721303765e82891a11f56787be7e89373ee2d

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – ICS: Multiple Siemens SCALANCE Vulnerabilities

Rewterz Threat Alert – Conti Ransomware – Active IOCs