Rewterz Threat Alert – APT MustangPanda – Active IOCs

September 17, 2021

Rewterz Threat Advisory – Multiple Apache Jena and HTTP Server Vulnerabilities

September 19, 2021

Rewterz Threat Alert – FormBook Malware – Active IOCs

September 17, 2021

Severity

Medium

Analysis Summary

FormBook is an information-stealer malware that has been active since 2016. The info-stealer malware’s capabilities include stealing credentials, capturing screenshots of victim’s desktop, monitoring clipboard, keystroke logging, clearing browser cookies, downloading and executing files, uploading and removing bots, launching commands via ShellExecute, downloading and unpacking ZIP archive, rebooting and shutting down the system. The attackers behind these email campaigns used a variety of distribution techniques to deliver the FormBook info-stealer, including PDFs, Office Documents, ZIP, RAR, etc. Some of these files are related to quotation requests.

Impact

Credential theft
Keystroke logging
Data Theft

Indicators of Compromise

MD5

9506dccbc8976701e87104cdf2793d51
fd4046c1d1480798bd4a8fb48e9534ac
3ff21efbef547a1083c8ffaf2f21fbd2

SHA-256

3b6636d54d3798272a9b5dfff832e7686f8fc9f83ccf9298c7f30ba1fc91ddd6
264de686a45da08d2a7061c948a3fd59619a218eafb26788639d8442981fe4d2
c83f6916b9e38f13b1d43a22d26109c58202cf83e772e9cb1517be3ec1e2cc43

SHA-1

0154d566ac58472c87b6218cdb7848cf96766422
7c39329f075eb90b05fbc594389f5b739929b7b2
9ddc352ac3cd4245ad95722834e95ea82339b3cc

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Critical PHP RCE Vulnerability Under Mass Exploitation in New Attacks

Multiple Adobe Products Vulnerabilities

Apple WebKit Zero-Day Actively Exploited in High-Profile Cyber Attacks

Threat Insights

About Us

Our Leadership

CSR

Connect with Us