March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – NetWire RAT Malware – Active IOCs

August 30, 2021

Rewterz Threat Advisory –CVE-2021-36744 – Trend Micro Security Vulnerability

August 31, 2021

Rewterz Threat Alert – Troldesh Ransomware – Active IOCs

August 30, 2021

Severity

High

Analysis Summary

The Troldesh ransomware was detected back in August 2019. The criminals that were behind the attacks were using hacked or specially made sites in order to deliver the infection. When the victims click on them they will automatically launch the dropper script which in turn will lead to the ransomware infection. Troldesh Ransomware carries out a similar attack to most encryption threats. Troldesh is an extremely aggressive crypto-ransomware that originated from Russia and can open a communication channel with victims for payment instructions. Through the opened communication channel, the price that is asked to pay for a file decryption key may be negotiated in some aspects.

Impact

File Encryption

Indicators of Compromise

MD5

78e69723f1442f1b34a74de9430bcdd5
58997a369e34e552ff93b260c4719bf0
02e8c7af3724ff535da627197920ad14
7c8548dc28e0e2b14cfb953f4d2690b3
8b4c5d6e31e1ea1092535caef347772e
ca13f4913d90017fd5cd552b30c25349
27e765ba494c9f2c1228f57455642fdb
13ff5145f905b197eee478e565e30f4e
bb8fce33b3478355c5a6c4f52f6ff83b

SHA-256

62214ccdcb1052b518e6059060daec143430c1ae13a799873ebabea7f3eae217
d23c897e7bb23a6a525d1206dc792f0b81c34b4cce433614c08ce87aecd247fe
ed801a3e54843afe989aadd69cdab5e6fbf00e8e02742f354519b4b16de8f31c
e32998012af31476e39dedb2f725269dbd0a165d74b53a32e5e359da3a01221d
c197da0fda316a92c66744bf13c77891e9f39cc10fbfebc42285a8b4761440b5
25c3a5bf8a33e941286f5f271843a480e4f8669086eac047abdfd6f8d5f96a06
8025918ab649e33642c4eb74c2814397e971d5ab68e631e91649354c8dec2be5
df2894b4298be05620b329d27bf0b45314629316fd6a082b6d90bbdfe9bf5a53
6192163bbb9343a274904093b94d6b12111a88bf24b58cbf9ed2c1463503e022

SHA-1

99988ae1025773dc0ff9028edf700acb1d86f846
1f0b79055c952aaf60799baf5b614331416ccef3
794bd6f52a9673e1146321fa2545c580858c0d5f
e70a729a4bbc5de08fa4461d3ba43098cb17b3b6
0b58bbedb4441f1585a6ce41e1bc53a3ac771c9b
c620800477ad9d2b4e6939847f58ec05aaee0d1d
7dc8e7af1f2edb7cf2e70c4662f2431451829445
5d983937eeb3ce1455eed52bb478c84d54d64f81
81ed80cb69b5c6e65bff71b8c53160a467099475

Remediation

Block all threat indicators at your respective controls
Always be suspicious about emails sent by unknown senders
Never click on the links/attachments sent by unknown senders

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – NetWire RAT Malware – Active IOCs

Rewterz Threat Advisory –CVE-2021-36744 – Trend Micro Security Vulnerability