March 20, 2025

March 20, 2025

CVE-2025-24071 – Microsoft Windows Vulnerability

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 19, 2025

DocSwap Malware Masquerades as Security Document Viewer to Target Android Users Globally – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 19, 2025

CISA Alerts on Active Exploitation of Fortinet FortiOS Authentication Bypass Vulnerability

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 20, 2025

CVE-2025-24071 – Microsoft Windows Vulnerability

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 19, 2025

DocSwap Malware Masquerades as Security Document Viewer to Target Android Users Globally – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 19, 2025

CISA Alerts on Active Exploitation of Fortinet FortiOS Authentication Bypass Vulnerability

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

Rewterz Threat Alert – SmokeLoader Malware – Active IOCs

January 24, 2023

Rewterz Threat Alert – Quasar RAT – Active IOCs

January 24, 2023

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

January 24, 2023

Severity

Medium

Analysis Summary

Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed in many forms, most notably via phishing attempts. AgentTesla is renowned for stealing data from a variety of target workstations’ apps, including browsers, FTP clients, and file downloaders. Agent Tesla grabs data from the victim’s clipboard, logs keystrokes, captures screenshots, and gains access to the victim’s webcam. It has the ability to terminate running analytic programs and anti-virus applications. In an attempt to disguise its capabilities and activities from researchers, the malware also runs simple checks to see if it is operating on a virtual machine or in debug mode.

Impact

Sensitive Data Theft
Credentials Theft

Indicators of Compromise

MD5

f77278a5e4b10dd038f6a02b64a90a38
f26e56bfd4a5c76485476c6b3fc6b628
c9fcec503120425407b2dd5d184f73b8

SHA-256

177d316e84df08f76dbb0105fe4dd077b2f9c6ed58e5d504b007c7aec2a091da
0a56ed5d61b0b243461a159092dd8a1e26b801716c372c2762077477934e8ff0
c0d4f64cd34ebb88660c8d6d6e531db559b8d69f608ddedf4ed151dba01e4383

SHA-1

f99d919a3a92e63ee7425752b90e10b6ef922387
42e3f05104072a137cbca180832619993fd5da28
4061cd88413b4b4b5e19f891bf81849095ba9a95

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

CVE-2025-24071 – Microsoft Windows Vulnerability

DocSwap Malware Masquerades as Security Document Viewer to Target Android Users Globally – Active IOCs

CISA Alerts on Active Exploitation of Fortinet FortiOS Authentication Bypass Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

CVE-2025-24071 – Microsoft Windows Vulnerability

DocSwap Malware Masquerades as Security Document Viewer to Target Android Users Globally – Active IOCs

CISA Alerts on Active Exploitation of Fortinet FortiOS Authentication Bypass Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – SmokeLoader Malware – Active IOCs

Rewterz Threat Alert – Quasar RAT – Active IOCs