Threat Advisory

February 5, 2023

Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs

Severity: High. Analysis Summary: Cobalt Strike first appeared in 2012 in response to alleged flaws in the Metasploit Framework, an existing red team (penetration testing) tool. […]
February 5, 2023

Rewterz Threat Alert – RedLine Stealer – Active IOCs

Severity: High. Analysis Summary: RedLine is an info stealer malware that steals information from web browsers and has the ability to corrupt operating systems by installing […]
February 5, 2023

Rewterz Threat Alert – Chaos Ransomware – Active IOCs

Severity: High. Analysis Summary: Chaos is a customizable ransomware builder that emerged on June 9, 2021 (in underground forums) by falsely marketing itself as the .NET […]
February 4, 2023

Rewterz Threat Alert – Nanocore Rat – Active IOCs

Severity: High. Analysis Summary: The NanoCore remote access Trojan (RAT) was first discovered in 2013 when it was being sold in underground forums. The malware has […]
February 4, 2023

Rewterz Threat Alert – Ursnif Banking Trojan aka Gozi – Active IOCs

Severity: Medium. Analysis Summary: The Ursnif banking trojan, also known as Gozi and Dreambot, has been around for more than 10 years. It gained popularity in 2015 […]
February 3, 2023

Rewterz Threat Alert – Snake Keylogger’s Malware – Active IOCs

Severity: Medium. Analysis Summary: Snake is a modular .NET keylogger that was first spotted in late November 2020. Snake malware’s main feature is keylogging, but it […]
February 3, 2023

Rewterz Threat Alert – North Korean APT Kimsuky Aka Black Banshee – Active IOCs

Severity: High. Analysis Summary: Kimsuky is a North Korean advanced persistent threat (APT) group, also known as “Black Banshee”. The group has been active since at […]
February 3, 2023

Rewterz Threat Advisory – CVE-2023-25012 – Linux Kernel Vulnerability

Severity: Medium. Analysis Summary: CVE-2023-25012. Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in bigben_remove in drivers/hid/hid-bigbenff.c. By attaching a specially […]
February 3, 2023

Rewterz Threat Alert – Chaos Ransomware – Active IOCs

Severity: High. Analysis Summary: Chaos is a customizable ransomware builder that emerged on June 9, 2021 (in underground forums) by falsely marketing itself as the .NET […]
February 3, 2023

Rewterz Threat Advisory – Multiple Zoho ManageEngine Vulnerabilities

Severity: Medium. Analysis Summary: CVE-2023-23076 (CVSS: 9.8). Zoho ManageEngine Support Center Plus could allow a remote attacker to execute arbitrary commands on the system, caused by a […]
February 3, 2023

Rewterz Threat Advisory – ICS: Delta Electronics DX-2100L1-CN Vulnerability

Severity: High. Analysis Summary: CVE-2023-0432. Delta Electronics DX-2100L1-CN is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the net diagnosis function in […]
February 3, 2023

Rewterz Threat Alert – Royal Ransomware – Active IOCs

Severity: High. Analysis Summary: Royal ransomware is a new and increasingly active ransomware strain that has been causing havoc in the U.S. since its initial discovery […]
February 3, 2023

Rewterz Threat Advisory – CVE-2023-20854 – VMware Workstation Vulnerability

Severity: High. Analysis Summary: CVE-2023-20854. A malicious actor with local user privileges on the victim’s machine may exploit this vulnerability to delete arbitrary files from the file system of […]
February 3, 2023

Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs

Severity: High. Analysis Summary: The STOP/DJVU ransomware initially made headlines in 2018 and has since been attacking individuals all around the world. It’s widespread on torrent […]
February 3, 2023

Rewterz Threat Alert – Lockbit Ransomware – Active IOCs

Severity: High. Analysis Summary: LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim […]
February 2, 2023

Rewterz Threat Advisory – CVE-2023-0587 – Trend Micro Apex Vulnerability

Severity: High. Analysis Summary: CVE-2023-0587. Trend Micro Apex could allow a remote attacker to upload arbitrary files, caused by improper validation of file extensions by the […]
February 2, 2023

Rewterz Threat Advisory – ICS: Multiple Delta Electronics DOPSoft Vulnerabilities

Severity: High. Analysis Summary: CVE-2023-0124 (CVSS: 7.8). Delta Electronics DOPSoft could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write […]
February 1, 2023

Rewterz Threat Alert – ModiLoader aka DBatLoader – Active IOCs

Severity: Medium. Analysis Summary: ModiLoader, aka DBatLoader or NatsoLoader, was initially identified in June 2020. It is a two-stage loader that has been seen […]
February 1, 2023

Rewterz Threat Alert – Aurora Stealer – Active IOCs

Severity: Medium. Analysis Summary: Aurora Stealer is a type of information-stealing malware that targets sensitive information from infected computers. The activities Aurora Stealer performs are as […]
February 1, 2023

Rewterz Threat Alert – Lazarus (aka Hidden Cobra) APT Group – Active IOCs

Severity: High. Analysis Summary: Lazarus APT is one of North Korea’s most sophisticated threat actors, operating since at least 2009. Initially, they concentrated on South Korea. […]
February 1, 2023

Rewterz Threat Alert – LockBit Ransomware – Active IOCs

Severity: High. Analysis Summary: LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim […]
February 1, 2023

Rewterz Threat Alert – Oski Data Stealer Malware – Active IOCs

Severity: High. Analysis Summary: The Oski stealer is a type of malicious software that was originally discovered in November 2019. This successful data-harvesting tool is spreading […]
February 1, 2023

Rewterz Threat Alert – TZW Ransomware – Active IOCs

Severity: High. Analysis Summary: TZW ransomware is a type of malware that employs various tactics and techniques to infect systems and encrypt files for ransom. Here […]
February 1, 2023

Rewterz Threat Alert – North Korean APT Kimsuky Aka Black Banshee – Active IOCs

Severity: High. Analysis Summary: Kimsuky is a North Korean advanced persistent threat (APT) group, also known as “Black Banshee”. The group has been active since at […]
