

Rewterz Threat Advisory –CVE-2020-27020 – Kaspersky Password Manager Vulnerability
July 7, 2021
Rewterz Threat Advisory –ICS: Multiple Siemens Simcenter Femap Vulnerabilities
July 7, 2021
Severity
Medium
Analysis Summary
FormBook is an information-stealer malware family that has been active since 2016. Its capabilities include stealing credentials, capturing screenshots of the victim's desktop, monitoring the clipboard, logging keystrokes, clearing browser cookies, downloading and executing files, uploading and removing bots, launching commands via ShellExecute, downloading and unpacking ZIP archives, and rebooting or shutting down the system. The attackers behind these email campaigns used a variety of distribution techniques to deliver the FormBook info-stealer, including PDFs, Office documents, ZIP and RAR archives, and similar attachments. Some of these files are themed as quotation requests.
Impact
- Credential theft
- Keystroke logging
- Data theft
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Do not download files attached in untrusted emails.
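An added example, not part of the Rewterz advisory or of any FormBook analysis: a Python helper that implements the "search for IOCs" step by reading each file under a directory once, computing MD5, SHA-1 and SHA-256 in a single pass, and matching the digests against an indicator list bucketed by digest length. The indicator values in `demo()` are constructed placeholders derived from a harmless byte string, not the advisory's hashes; `load_iocs`, `file_digests`, `scan_tree` and `demo` are names chosen here.

```python
# Added example, not the advisory's code: match file digests against an IoC list.
import hashlib
import os
import tempfile

HASH_ALGOS = {"md5": 32, "sha1": 40, "sha256": 64}  # algorithm -> hex digest length

def load_iocs(raw_indicators):
    """Bucket hash strings by algorithm (inferred from length); normalise to lowercase."""
    by_algo = {name: set() for name in HASH_ALGOS}
    for value in raw_indicators:
        value = value.strip().lower()
        for name, length in HASH_ALGOS.items():
            if len(value) == length and all(c in "0123456789abcdef" for c in value):
                by_algo[name].add(value)
    return by_algo

def file_digests(path, chunk_size=1 << 16):
    """Compute MD5, SHA-1 and SHA-256 in one streaming pass so large files are read once."""
    hashers = {name: hashlib.new(name) for name in HASH_ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def scan_tree(root, iocs):
    """Walk a directory and return (path, algorithm, digest) for every indicator hit."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            for algo, digest in file_digests(path).items():
                if digest in iocs[algo]:
                    hits.append((path, algo, digest))
    return hits

def demo():
    """Constructed sample: placeholder indicators derived from a harmless byte string."""
    sample = b"constructed sample bytes, not malware"
    indicators = [hashlib.md5(sample).hexdigest().upper(),  # mixed case on purpose
                  hashlib.sha256(sample).hexdigest(), "not-a-hash"]
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "suspect.bin"), "wb") as fh:
            fh.write(sample)
        with open(os.path.join(root, "benign.txt"), "wb") as fh:
            fh.write(b"unrelated content")
        hits = scan_tree(root, load_iocs(indicators))
    return sorted(algo for _, algo, _ in hits)
```

Feed `load_iocs` the advisory's MD5, SHA-1 and SHA-256 values (any case, with surrounding whitespace) and point `scan_tree` at download directories, mail attachment caches and temp folders; a file that matches on one algorithm but not another indicates an incomplete indicator list rather than a false positive.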