Rewterz Threat Alert – Adobe Flash Malicious APK

November 30, 2020

Rewterz Threat Alert – APT C-23 Highly Active

December 1, 2020

Rewterz Threat Alert – Alert on Gozi Banking Trojan

November 30, 2020

Severity

High

Analysis Summary

Originally a small banking Trojan, Gozi has undergone massive changes in the number of variants available to threat actors. Operating continuously since 2007, Gozi has infected millions of machines and done untold damage to all types of industries and users. At its core, Gozi variants carry similar traits across the board. Some of the similarities between versions are strings
contained within the binary’s .bss section, man-in-the-browser attack, specific C2 check-in format, obfuscation of the C2 check-in, keylogging, email, FTP, IM accounts data and certificate grabbing, among others.

Gozi banking Trojan co-author pleads guilty – Naked Security

Impact

Data breach
Exposure of sensitive data
Financial loss

Indicators of Compromise

MD5

c8392d93a1f064a53abb61887cad409b

SHA-256

07a73fb70fa63ff53d091c68cb1e5728314ff7b479ca695050173faf3f8f5ea2

SHA1

20c77abcc1e3904bf337af924200d63aaa012b1b

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Group aka Rattlesnake Targeting Pakistan – Active IOCs

Malware Alert: MUT-9332 Infects Solidity Devs Through VS Code – Active IOCs

Chrome Vulnerabilities Allow Remote Execution of Malicious Code

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Adobe Flash Malicious APK

Rewterz Threat Alert – APT C-23 Highly Active

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.