February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Mirai Botnet – Active IOCs
March 16, 2022Rewterz Threat Alert – Russian Nation-State Actors Exploiting MFA Protocols and PrintNightmare – Russian-Ukrainian Cyber Warfare
March 16, 2022Rewterz Threat Alert – Mirai Botnet – Active IOCs
March 16, 2022Rewterz Threat Alert – Russian Nation-State Actors Exploiting MFA Protocols and PrintNightmare – Russian-Ukrainian Cyber Warfare
March 16, 2022
Severity
Medium
Analysis Summary
Since 2016, FormBook has been active as a data-stealing malware that affects 4% of enterprises in 2020. It tracks and monitors keystrokes, finds and accesses files, takes screenshots, harvests passwords from various browsers, drops files, downloads, and executes stealthier malware in response to orders from a command-and-control server (C2). The cybercriminals behind these email campaigns used a variety of distribution techniques to deliver this malware, including PDFs, Office Documents, ZIP, RAR, etc.
Impact
- Credential theft
- Keystroke logging
- Data Theft
Indicators of Compromise
MD5
- 239ce4f126d4cb8882d12e66e1dbb9ce
- 96a57f972a1b847e6a6115ca4733d85e
- b4cdb175187010a16ab91cc92137d1cc
- b7d8ad625a8c5321f34a3952afa3563b
SHA-256
- 085110f2c00a416220b4430ff77cb8169f85db7d282f330db50d4831506e82e5
- e1589588b95e03844e0f5ccae574e722d68351c867b8535cd3df9467d381cdbb
- 8d6fcc0c461c48ee2da0b00354d946342c3521662cafc0b0d519b5d875279939
- 41052b2fbebd33434878b18c4b3fdedcc71ed062357fff97a97737440b633853
SHA-1
- c9ce5d24d50e1f16decddfe48bb9db87c5dbaa87
- b3b4a8cc0996a25324c2252bcdbccb89b6189986
- c806f0f7c5963d65051acf44cae02d2f8ba00d87
- 1a3f74f3829bd950455c1c65e804d919d05ed617
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.