January 26, 2023
Severity
High
Analysis Summary
TrickBot is a modular banking Trojan that has been active since 2016. It is primarily distributed through phishing campaigns and is known for stealing sensitive information such as login credentials, financial information, and personal data. It is highly evasive, using techniques such as process hollowing, fileless persistence, and code obfuscation to avoid detection. It is capable of a wide range of malicious activities, including keylogging, harvesting information from the infected system, injecting malicious code, downloading and installing additional malware, and participating in DDoS attacks. TrickBot is still active and the group behind it updates it regularly, so it is important to keep systems and software patched and to stay vigilant against phishing emails and links. Additionally, use reputable anti-malware software and keep it updated to protect against TrickBot and similar threats.
Impact
- Credential Theft
- Financial loss
- Exposure of sensitive data
Indicators of Compromise
MD5
- f92cbda46583b39c6b0cddcddf18991e
- e3c9ba02a5e309d2f8e8d06fc73b9554
- 5f82028dd93387d65eaacb63b130a435
- 55d2bf97855b006365dca9f413ab73c6
SHA-256
- f91753cbcbcc7c8c2e5bef4126c2806e65328524f820fadb3f4332b645e28d7e
- 1489023ff883c2034d03a380d95074f84d22b8faee12a229737d904025d4f15a
- 2faef9e769bf8ac04a77ebe03e7d26aece3189e5ad6b0f316d90ec8999a94b04
- 77f92f280a7e3bd03a9eb9ff45dc9064616b7c6fe20e60a57015fc114f9df2d5
SHA-1
- f6b5fdecdd6df68780af6d44f8c21e3dc842d636
- b20f5287c4bec70168232497478c7692e516bfa4
- 9629c55914fa808bb8bcbf37a0aa3c912935a69c
- 654bf2dbe9d6b043b8ae144ead01a994508b735d
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
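One way to carry out the "search for IOCs" step on a host or file share is to hash every file under a directory tree and compare the digests against the indicators above. The script below is an added example written for this advisory; it is not Rewterz tooling. It assumes only a Python 3 standard library and reads the hash values straight from the lists above, so a match on any of MD5, SHA-1 or SHA-256 is reported with the file path.

```python
"""Sweep a directory tree for files whose MD5, SHA-1 or SHA-256 digest matches
one of the TrickBot indicators listed in this advisory.

Usage: python trickbot_ioc_sweep.py /path/to/scan
"""
import hashlib
import os
import sys
from typing import Dict, Iterable, List, Set

# Indicators copied from the advisory above, normalised to lowercase hex.
IOC_HASHES: Dict[str, Set[str]] = {
    "md5": {
        "f92cbda46583b39c6b0cddcddf18991e",
        "e3c9ba02a5e309d2f8e8d06fc73b9554",
        "5f82028dd93387d65eaacb63b130a435",
        "55d2bf97855b006365dca9f413ab73c6",
    },
    "sha1": {
        "f6b5fdecdd6df68780af6d44f8c21e3dc842d636",
        "b20f5287c4bec70168232497478c7692e516bfa4",
        "9629c55914fa808bb8bcbf37a0aa3c912935a69c",
        "654bf2dbe9d6b043b8ae144ead01a994508b735d",
    },
    "sha256": {
        "f91753cbcbcc7c8c2e5bef4126c2806e65328524f820fadb3f4332b645e28d7e",
        "1489023ff883c2034d03a380d95074f84d22b8faee12a229737d904025d4f15a",
        "2faef9e769bf8ac04a77ebe03e7d26aece3189e5ad6b0f316d90ec8999a94b04",
        "77f92f280a7e3bd03a9eb9ff45dc9064616b7c6fe20e60a57015fc114f9df2d5",
    },
}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute MD5, SHA-1 and SHA-256 of a file in a single streamed pass,
    so large binaries are not loaded into memory."""
    hashers = {
        "md5": hashlib.md5(),
        "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(),
    }
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_indicators(digests: Dict[str, str],
                     indicators: Dict[str, Set[str]] = IOC_HASHES) -> List[str]:
    """Return the names of the algorithms whose digest matches an indicator."""
    return [algo for algo, digest in digests.items()
            if digest.lower() in indicators.get(algo, set())]


def scan_paths(paths: Iterable[str],
               indicators: Dict[str, Set[str]] = IOC_HASHES) -> List[Dict[str, str]]:
    """Hash each path and collect one record per matching algorithm.
    Unreadable files (permissions, vanished temp files) are skipped rather
    than aborting the sweep."""
    hits: List[Dict[str, str]] = []
    for path in paths:
        try:
            digests = hash_file(path)
        except OSError:
            continue
        for algo in match_indicators(digests, indicators):
            hits.append({"path": path, "algorithm": algo, "hash": digests[algo]})
    return hits


def walk_files(root: str) -> Iterable[str]:
    """Yield every regular file below root, without following symlinks."""
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                yield full


if __name__ == "__main__":
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in scan_paths(walk_files(scan_root)):
        print(f"MATCH {hit['algorithm']} {hit['hash']} {hit['path']}")
```

A match on any single algorithm is enough to flag a file, since the three lists in the advisory are independent indicators rather than three digests of the same four samples. On a host with FIPS-restricted OpenSSL, `hashlib.md5()` may need `usedforsecurity=False`; the MD5 comparison here is for identification only, not integrity.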