Rewterz Threat Alert – FormBook Malware

Rewterz Threat Alert – APT-C-23 or AridViper Threat Group – Active IOCs

November 8, 2022

Rewterz Threat Alert – Amadey Botnet – Active IOCs

November 8, 2022

Rewterz Threat Alert – FormBook Malware – Active IOCs

Severity

Medium

Analysis Summary

Since 2016, FormBook has been active as a data-stealing malware that affects 4% of enterprises in 2020. It tracks and monitors keystrokes, finds and accesses files, takes screenshots, harvests passwords from various browsers, drops files, downloads, and executes stealthier malware in response to orders from a command-and-control server (C2). The cybercriminals behind these email campaigns used a variety of distribution techniques to deliver this malware, including PDFs, Office Documents, ZIP, RAR, etc.

Impact

Credential Theft
Sensitive Data Theft
Keystroke Logging

Indicators of Compromise

IP

62[.]108[.]40[.]71

MD5

7741c5e8e90393d32d38f47e1124e747

SHA-256

7d7da29f205e89e0cc151943060db1a22b15b95fe5471a83cfd4f3527283d77d

SHA-1

db9fc93a7da83c731fa5106ba2364c10deb47ec8

URL

http[:]//62[.]108[.]40[.]71/new/PT03605160[.]exe

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Rewterz Threat Alert – APT-C-23 or AridViper Threat Group – Active IOCs

Rewterz Threat Alert – Amadey Botnet – Active IOCs

Rewterz Threat Alert – FormBook Malware – Active IOCs

Severity

Analysis Summary

Impact

Indicators of Compromise

IP

MD5

SHA-256

SHA-1

URL

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan

Rewterz Threat Alert – APT-C-23 or AridViper Threat Group – Active IOCs

Rewterz Threat Alert – Amadey Botnet – Active IOCs￼

Rewterz Threat Alert – FormBook Malware – Active IOCs

Severity

Analysis Summary

Impact

Indicators of Compromise

IP

MD5

SHA-256

SHA-1

URL

Remediation

Saudi Arabia

UAE

Oman

Pakistan

Rewterz Threat Alert – Amadey Botnet – Active IOCs