Rewterz

Rewterz Threat Advisory – A New RAT Exploiting an Old Oracle WebLogic Server Vulnerability

October 14, 2020
Rewterz

Rewterz Threat Advisory – CVE-2020-16898 – Windows TCP/IP Remote Code Execution Vulnerability

October 15, 2020

Rewterz Threat Alert – Latest Agent Tesla IOCs

Severity

Medium

Analysis Summary

AgentTesla is known for stealing data from different applications on victim machines, such as browsers, FTP clients, and filedownloaders. Agent Tesla collects personal information from the victim’s machine, steals data from the victim’s clipboard,can log keystrokes, capture screenshots and access the victim’s webcam.It can kill running analysis processes and AVsoftware. The spyware also performs basic actions to check whether it is running on a virtual machine or in debug mode, inan attempt to hide its capabilities and actions from researchers. All the data it obtains is sent in encrypted form via SMTP protocol.

Impact

  • Information theft 
  • Exposure of sensitive data

Indicators of Compromise

URL

  • http[:]//23[.]95[.]13[.]131/osinachi[.]exe
  • http[:]//23[.]95[.]13[.]131/jesu[.]exe
  • https[:]//u[.]teknik[.]io/i7JYr[.]jpg
  • http[:]//104[.]161[.]77[.]84[:]444/mike[.]exe
  • http[:]//149[.]202[.]110[.]58/one[.]exe
  • http[:]//149[.]202[.]110[.]58/mr[.]exe

Remediation

  • Block all threat indicators at your respective controls.
  • Search for existing IOCs in your environment.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.