Rewterz Threat Update – Cloudflare Targeted By The Same Hackers Behind Twilio Breach

August 11, 2022

Rewterz Threat Advisory – CVE-2022-30190: Follina Vulnerability (MSDT) – Active IOCs

August 12, 2022

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

August 12, 2022

Severity

Medium

Analysis Summary

Malspam is being used to target victims in an Agent Tesla campaign. Since its initial appearance in 2014, this has been
deployed in many forms, most notably via phishing attempts. AgentTesla is renowned for stealing data from a variety of
target workstations’ apps, including browsers, FTP clients, and file downloaders. Agent Tesla grabs data from the victim’s
clipboard, logs keystrokes, captures screenshots, and gains access to the victim’s webcam. It has the ability to terminate
running analytic programs and anti-virus applications. In an attempt to disguise its capabilities and activities from
researchers, the malware also runs simple checks to see if it is operating on a virtual machine or in debug mode.

Impact

Sensitive Data Theft
Credentials Theft

Indicators of Compromise

MD5

a6a3c4ea34a7baeaf0274c1ae525cecf
2a48ec879a77e5275d9a3af23dc6d7e4
3df135d576369bdbeb9f82acf8e3f6e8

SHA-256

23a35398762ada043e786e23bc31ad984111fa60e5578750cb318d166ddc5616
b092a2fd150756d5cf64c40ddfe6d02b69f9bffb4978950dd4d0307585309619
f0b48611124c4ad2207a7676848ce0c7174d9019df697f6f67f54f6e6102f868

SHA-1

54fc02bdb7c18b082c9a79893aee9b1e586096d6
34c8349b60dff6e11e3789878217762d3987761a
05cbc33b3dc6f3e7fd943284b150cbbf248bc904

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Remcos RAT – Active IOCs

Multiple Dell BSAFE SSL-J Vulnerabilities

Multiple Microsoft Windows Vulnerabilities Exploit in the Wild

Threat Insights

About Us

Our Leadership

CSR

Connect with Us