Rewterz Threat Advisory – Multiple EOL And NAP Vulnerabilities

October 5, 2021

Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs

October 5, 2021

Rewterz Threat Alert – Jupyter trojan – Active IOCs

October 5, 2021

Severity

High

Analysis Summary

The Jupyter infostealer malware campaign, which was just discovered, is targeting businesses and higher institutions in an apparent attempt to steal usernames, passwords, and other confidential information as well as install a persistent backdoor on victim systems. The attack primarily targets data from the Chromium, Firefox, and Chrome browsers, but it also has the capacity to open a backdoor on infected systems, allowing attackers to run PowerShell scripts and commands, as well as download and execute further malware. The Jupyter installer is hidden inside a zipped file, with Microsoft Word icons and file titles that appear to be important documents, travel details, or a pay raise that need to be opened right away.

Impact

Keystroke Logging
Credential Theft
Data Theft

Indicators of Compromise

SHA-256

47186f3c82d9657dfd535d8b1969adb22896fd2ceb0882fd4b258c7741d11025
ea2eda0b349853a51a8897f5725d4a450d5f21282855c0fb19ff93503c32f209
dbbf3e366ed30c9c2a4dac40edbd2f713f20bea11fca1c60a84a202f3fe620c9
dbf9443edd9486b8eb05b9162ba6f1d8cb57c172bb7f7c95aa649cca2aa4f9f4
135f759dc7ad0e362daf28ca7448b8f3b18035b7f5a1fbb8c72aa379a13a5882
2c995b6f4a179aa29b0a8ee55253d7e4d31999d9f9d35bd87637cdf405a34a99
46bb39529c8ef2db3ed2ca78e6d71922532dcacbec220b4f9c9b7546d1620445
deb8b541a72bb449824a863018f18c906efbb11120f82ef1fc03b0a66de14d68
d72bcef17db8e3ce6ea6696dbcc83a932ecaa55192aa10c8415fd3a359ee22f0
7515a4934d25c2750d0a82856484f633bdb69466e1ba0fe1eb4399ebd0cd27f3
9b32cddf654a32a802c9bf96b6d6179ed19d17a84fb3cf9ab47476bd3084ac5f
3c9699228901eeb76cefbf59a27a412c372311ec2aad732f68dd1fca3225d616
84b97f9937374bb9258210a261e0f3433041102877536a944e1e85a3f4355ac9
0dc7d157204dce10543c864cf269fba0a81db6f2fe5522edbbcacf0daf9ba9a5
377a8218759e05f7183bcec90a7e7b8bad1fae9d7160634a955b5db5463d5886
a310ad31a27a0032a94b19caed8d861f7416447c9268140d5e362b496fca575f
5fda0b77abc880866f3e86c54e2c1f66b6feeeba7de938861372bdcd7d725c49
5d2a53ffb63bfea03a5d18a1e617e0fcd38dbf953cc449a7526bb7ccc2b929cc
1e97bf13eeab98c89164804a6b656a99c9905c70eb1dad88581f790162c0b745
76278eda7bb38e85ba45ea500f1b4c5e727757bb4052ca2a605d7ff12b3d2d4c
fd413392f01f7bce9c0749f6853edd8fe1576aa0be60b3c843946f18baced19f
81f0c9fff344742455596a5062fd6875b28bd9981469575164df942f1c9ad2b2
f8e90fb0557fe49d7702cfb506312ac0b24c97802f9c782696db6d47f434e8e9
4461eced229c6ccf66cac33632805021ea64520030cef27a7d6f265245861c1e
27db578f73287a1e509e92e7d608b3df5ec3e89e363c3d54bb4611f9a2fa2f52
d4dfe32f836d0c013cdd975786be668887782c17aa20951a5d3cc11ae68bbed7
21eb41b900295e008e50cb71fceb57c46c87e11c911d43e37dbc96a622c7b5d4
18b5eb43f6399b223648aea1be73b27ef2386f30972f072aa292ca71455b34fc
cf405665af703e9754b9a0f408c7c7f3b907e8f79289e5acb791eac19b5dabbd
980c8c0007a133e578d5e57beefc51c88e36bd459e8b2587cf70f9f63f472ed3
922583164ab90a1ec880e0e1406e36a0056f61fa99d458ca53c6d389c0e61059
5a789da7f5a24b3812dae8ef701deaeea9f66e341aa62bbc71b69041dacafdfa
56f1a026aaca780d3701f2b5a4b5982521223e89e15f9d761a2088fe009a412a
1cbe03ff6ba8d1425a212ea502672233d6d83f80cbe3745e4b80f68d4fd7d419
ef0f357c9da4ba06685a0dc27497ccc8958507ffa407a13fcec3f19c0852751a
5340a91e4218dced9739750f26d152e919641f4582835258b95d865eeabce52d
aa60a608042fab1c28287e90451896b4bd9ebc7ce660c7bb4d909de260311238
0ee182b786f161ec27b531597286b39a51884107c68e70ccd198bf3599d12b87
d8473c5662d386d430b67b86e48abd7505685b1d96c7f132933b7c44b6365f03
b98f5852446a22f31be33e8589a7c5ed41d46b73242e7cedcf3a7b825635358a
b3bc2a03ade0654b2c3456006c41048f9933ea425d173cdd0b76abebc9af3904
20edea881d7455d3dbf46c8cf71333aba74b12790043e3e4bc9aef8f951b2315
45016a88f0d2efa414caa726716401c9bfa568e0c06621005c23aeb6a5361144
308584ba5785009fb3b73f1446afaac494813c66febb5c44cc33aecfb69a6ecc
e658586a3cfe242eddb127be0f24ad5415083f571c987203ae80f1c445f287d5
43b0580598b56aba052498b85ed3f92ec9b73a61c7d35d36e85d34469fe37cf1
2c12df6dc272891d073ca0e2978347ff71678e0d904ff7fe8e31699bb1dbd53e
57c7579f74b7726c6128728e45932e1b2f02a42898fa49b3e64d9cdd485d9b62
7ffd153bf430aef6296bf7082d562256d5864ab1ee6861a2cdc014290f4a3907
97cebd4305658a90827a2a0300112b777046849412ed61cd49be42068633c33f
4d163a589dc77c8415472645a7ef75b52a6dad54e50c5519a399eae1de80ff97
64c7dfdc7204d44cc4ed00157063718d77a0326b411ae656a41270697ce4aa76
701c6662fe7d5ec3cb758f6eb77a28440f1f603d8a4264c9ecf6a71930571460
4a7d40d2834a67be3e6eaa6aad2578336801a4819bafa4e912065863c8cd6608
2b7186bb53f0dde5b44dafc2f85caddc16a13e0a8ccf552e35d667cca0de8825
03450805d3988f534cb982f40437c91db70e56cf4e2d42d04c1b1ed20b22a990
ec46cb54d17a7a1552c0a4a0be9138e9e1ce703f9b7d4223edb29d360332924f
f09d0c9546453248a993c9676a7bac72082d631a664b302846feee5937e1b273
7e7a4bf3b5989bacb91599963dd38c89fe89d2f0930ee252ba717bfd7586f3b4
4183cef578d4fff8889dff22634a803ff9295bd907564f377c17e5700cf8aa8e
51e403f5df931eb2827973bf98f661d32a57489db7b379ea15d620969786f4d4
fe4c17ecfb1a78f03adda915e3302fa49014b7809a211705450d00572be2e092
d961767f47ebe3ade33fa3c11e391d9fea73b3187b4a87fc0bc4e1abb6c0ae80
3b6028f6631325c1ca4f1c101850bdbfb130301a53429c08596649f3c9131098
78a8fc679dfacde8bd63ecd0ef2d1f3b30957722f2715f8acc6f179c328dd751
b0ccabc9cca0811f9a531701a73ba44e0b658cec7aaa561abb439cc1c219c86c
6758d03d488b2e83190fc8464229efef12082bb0167eaaa0cd0c0de0581abdbd
d70f50a80449166ecccfa2c7a4a9d6c6dfbbf0c32683b6a3b1584f5237e1388c
3e9b54a4345e5732c37a771d817b67d6ada25dba58095832575d017afbf8d991
a2057e4e97877095fb856752f7fe07d8ee77804c7b8a49f1a67edac656652057
b8ab01e1c3ec42d750735883ad3a5b01620983f400041af7bae6df12089d2aa3
81854e1f752241da97968deaec1d81ef15083c6157348894f28789dfb87582fb
44b10f2b36282e4b5b7b5aa1800aa51bbc8dd3be96b47e0ad0633555e9dd9bbc
ddb88c5fd9c197d1517307c98fda52c1ee77b87a364c0e9c8629991c7c653aae
a977d6a442cf0fb86e1c9da161a2a90d0b918d6d9414ec0a8437bf9c489cee6b
14ed350fee88a26fe790281981c7eda63c43767cea3218129ce237466e04876f
3e6c357f966fcd1783e6bb0c6f4387430d93c97ab31241abb240b65a1d443a65
32b2c5e6cb21ec3f0e2b340f2135fc45f553ad03fa138f1b21ce68a626af3f81
530ae1b241baa913b6b9e8d86c63af2a91fb24e60e2099b4ba20dfeefa81023a
7298bd3da374b883eea2f86e41a9269f451dc49968d58f2cf7894d6b65abd438

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.
Do not download files attached in untrusted emails.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Remcos RAT – Active IOCs

Multiple Dell BSAFE SSL-J Vulnerabilities

Multiple Microsoft Windows Vulnerabilities Exploit in the Wild

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Remcos RAT – Active IOCs

Multiple Dell BSAFE SSL-J Vulnerabilities

Multiple Microsoft Windows Vulnerabilities Exploit in the Wild

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – Multiple EOL And NAP Vulnerabilities

Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs