
Rewterz Threat Alert – FIN7 Returns with Spyware Targeting MacOS

Severity

High

Analysis Summary

FIN7 is an APT group that targets financial organizations and individuals with significant financial assets. The group has been active for years and is characterized by persistent targeting and large-scale theft of payment card data from victim systems. FIN7's financial operations were not limited to card data theft: when the group encountered point-of-sale (POS) systems but could not obtain payment card data from them, it pivoted to target the finance departments of its victim organizations. This time, FIN7 has returned with spyware targeting macOS users: a Python script, run as an executable, that is designed to capture the victim's username and password. The group has specifically targeted macOS users in search of credentials.


Impact

Exposure of data (credential theft)

Indicators of Compromise

MD5

  • 3345c8895486dcdaa93d1db677d11d73

SHA-256

  • 44e95a6a78a80e7ef6f4d92d9708bc04568385304d7a405fa201dfd50be8e172

SHA-1

  • dc434903dd966c6c3835adad88cbf0b6f7fbe0ca

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
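One way to carry out the second step on a macOS host is to walk the filesystem and compare each file's MD5, SHA-1 and SHA-256 against the three hashes published above. The script below is an added example written for this page, not Rewterz's own tooling or the malware itself; the IOC values are copied from the list above, and the hypothetical file name and root directory used in the `__main__` block are assumptions. Note the usual caveat with hash-based indicators: a rebuilt or repacked sample will not match, so a clean scan is evidence of absence of this exact file, not of FIN7 activity in general.

```python
import hashlib
import os
import sys
from pathlib import Path

# Hashes from the Indicators of Compromise section above, lower-cased for comparison.
IOC_HASHES = {
    "3345c8895486dcdaa93d1db677d11d73",                                   # MD5
    "dc434903dd966c6c3835adad88cbf0b6f7fbe0ca",                           # SHA-1
    "44e95a6a78a80e7ef6f4d92d9708bc04568385304d7a405fa201dfd50be8e172",  # SHA-256
}


def hash_file(path, chunk_size=1 << 20):
    """Return {'md5': ..., 'sha1': ..., 'sha256': ...} for one file.

    The file is read once in chunks so large binaries do not have to fit in memory,
    and all three digests are updated from the same stream.
    """
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def scan_tree(root, iocs=IOC_HASHES):
    """Walk `root` and return [(path, algorithm, digest)] for every file whose hash is in `iocs`.

    Symlinks are skipped (os.walk does not follow symlinked directories, and symlinked
    files are filtered here) so the hunt stays inside the requested tree. Files that
    cannot be read are skipped rather than aborting the whole scan.
    """
    wanted = {h.lower() for h in iocs}
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digests = hash_file(path)
            except OSError:
                continue  # permission denied, vanished file, etc.
            for algo, digest in digests.items():
                if digest in wanted:
                    hits.append((path, algo, digest))
    return hits


if __name__ == "__main__":
    # Assumed usage: `python3 ioc_hunt.py [DIR ...]`; defaults to the current user's home
    # directory, which is where a credential-stealing script would most likely be dropped.
    roots = sys.argv[1:] or [str(Path.home())]
    total = 0
    for r in roots:
        for path, algo, digest in scan_tree(r):
            total += 1
            print(f"MATCH {algo.upper()} {digest} {path}")
    print(f"{total} matching file(s) found under {', '.join(roots)}")
    sys.exit(1 if total else 0)
```

Run it as root (or with Full Disk Access granted to the terminal) if you want it to reach other users' home directories; the exit code is non-zero on a match so it can be dropped into a scheduled job or an EDR custom-script rule.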