Rewterz

October 5, 2021

Rewterz Threat Alert – Jupyter trojan – Active IOCs

Severity

High

Analysis Summary

The recently discovered Jupyter infostealer campaign is targeting businesses and higher-education institutions in an apparent attempt to steal usernames, passwords and other confidential information, and to install a persistent backdoor on victim systems. The malware primarily harvests data from the Chromium, Firefox and Chrome browsers, but it can also open a backdoor on infected systems that lets attackers run PowerShell scripts and commands and download and execute further malware. The Jupyter installer is delivered inside a zip archive, using Microsoft Word icons and file names that pose as important documents, travel details or a pay-raise notice that must be opened right away.

Impact

  • Keystroke Logging
  • Credential Theft
  • Data Theft

Indicators of Compromise

SHA-256

  • 47186f3c82d9657dfd535d8b1969adb22896fd2ceb0882fd4b258c7741d11025
  • ea2eda0b349853a51a8897f5725d4a450d5f21282855c0fb19ff93503c32f209
  • dbbf3e366ed30c9c2a4dac40edbd2f713f20bea11fca1c60a84a202f3fe620c9
  • dbf9443edd9486b8eb05b9162ba6f1d8cb57c172bb7f7c95aa649cca2aa4f9f4
  • 135f759dc7ad0e362daf28ca7448b8f3b18035b7f5a1fbb8c72aa379a13a5882
  • 2c995b6f4a179aa29b0a8ee55253d7e4d31999d9f9d35bd87637cdf405a34a99
  • 46bb39529c8ef2db3ed2ca78e6d71922532dcacbec220b4f9c9b7546d1620445
  • deb8b541a72bb449824a863018f18c906efbb11120f82ef1fc03b0a66de14d68
  • d72bcef17db8e3ce6ea6696dbcc83a932ecaa55192aa10c8415fd3a359ee22f0
  • 7515a4934d25c2750d0a82856484f633bdb69466e1ba0fe1eb4399ebd0cd27f3
  • 9b32cddf654a32a802c9bf96b6d6179ed19d17a84fb3cf9ab47476bd3084ac5f
  • 3c9699228901eeb76cefbf59a27a412c372311ec2aad732f68dd1fca3225d616
  • 84b97f9937374bb9258210a261e0f3433041102877536a944e1e85a3f4355ac9
  • 0dc7d157204dce10543c864cf269fba0a81db6f2fe5522edbbcacf0daf9ba9a5
  • 377a8218759e05f7183bcec90a7e7b8bad1fae9d7160634a955b5db5463d5886
  • a310ad31a27a0032a94b19caed8d861f7416447c9268140d5e362b496fca575f
  • 5fda0b77abc880866f3e86c54e2c1f66b6feeeba7de938861372bdcd7d725c49
  • 5d2a53ffb63bfea03a5d18a1e617e0fcd38dbf953cc449a7526bb7ccc2b929cc
  • 1e97bf13eeab98c89164804a6b656a99c9905c70eb1dad88581f790162c0b745
  • 76278eda7bb38e85ba45ea500f1b4c5e727757bb4052ca2a605d7ff12b3d2d4c
  • fd413392f01f7bce9c0749f6853edd8fe1576aa0be60b3c843946f18baced19f
  • 81f0c9fff344742455596a5062fd6875b28bd9981469575164df942f1c9ad2b2
  • f8e90fb0557fe49d7702cfb506312ac0b24c97802f9c782696db6d47f434e8e9
  • 4461eced229c6ccf66cac33632805021ea64520030cef27a7d6f265245861c1e
  • 27db578f73287a1e509e92e7d608b3df5ec3e89e363c3d54bb4611f9a2fa2f52
  • d4dfe32f836d0c013cdd975786be668887782c17aa20951a5d3cc11ae68bbed7
  • 21eb41b900295e008e50cb71fceb57c46c87e11c911d43e37dbc96a622c7b5d4
  • 18b5eb43f6399b223648aea1be73b27ef2386f30972f072aa292ca71455b34fc
  • cf405665af703e9754b9a0f408c7c7f3b907e8f79289e5acb791eac19b5dabbd
  • 980c8c0007a133e578d5e57beefc51c88e36bd459e8b2587cf70f9f63f472ed3
  • 922583164ab90a1ec880e0e1406e36a0056f61fa99d458ca53c6d389c0e61059
  • 5a789da7f5a24b3812dae8ef701deaeea9f66e341aa62bbc71b69041dacafdfa
  • 56f1a026aaca780d3701f2b5a4b5982521223e89e15f9d761a2088fe009a412a
  • 1cbe03ff6ba8d1425a212ea502672233d6d83f80cbe3745e4b80f68d4fd7d419
  • ef0f357c9da4ba06685a0dc27497ccc8958507ffa407a13fcec3f19c0852751a
  • 5340a91e4218dced9739750f26d152e919641f4582835258b95d865eeabce52d
  • aa60a608042fab1c28287e90451896b4bd9ebc7ce660c7bb4d909de260311238
  • 0ee182b786f161ec27b531597286b39a51884107c68e70ccd198bf3599d12b87
  • d8473c5662d386d430b67b86e48abd7505685b1d96c7f132933b7c44b6365f03
  • b98f5852446a22f31be33e8589a7c5ed41d46b73242e7cedcf3a7b825635358a
  • b3bc2a03ade0654b2c3456006c41048f9933ea425d173cdd0b76abebc9af3904
  • 20edea881d7455d3dbf46c8cf71333aba74b12790043e3e4bc9aef8f951b2315
  • 45016a88f0d2efa414caa726716401c9bfa568e0c06621005c23aeb6a5361144
  • 308584ba5785009fb3b73f1446afaac494813c66febb5c44cc33aecfb69a6ecc
  • e658586a3cfe242eddb127be0f24ad5415083f571c987203ae80f1c445f287d5
  • 43b0580598b56aba052498b85ed3f92ec9b73a61c7d35d36e85d34469fe37cf1
  • 2c12df6dc272891d073ca0e2978347ff71678e0d904ff7fe8e31699bb1dbd53e
  • 57c7579f74b7726c6128728e45932e1b2f02a42898fa49b3e64d9cdd485d9b62
  • 7ffd153bf430aef6296bf7082d562256d5864ab1ee6861a2cdc014290f4a3907
  • 97cebd4305658a90827a2a0300112b777046849412ed61cd49be42068633c33f
  • 4d163a589dc77c8415472645a7ef75b52a6dad54e50c5519a399eae1de80ff97
  • 64c7dfdc7204d44cc4ed00157063718d77a0326b411ae656a41270697ce4aa76
  • 701c6662fe7d5ec3cb758f6eb77a28440f1f603d8a4264c9ecf6a71930571460
  • 4a7d40d2834a67be3e6eaa6aad2578336801a4819bafa4e912065863c8cd6608
  • 2b7186bb53f0dde5b44dafc2f85caddc16a13e0a8ccf552e35d667cca0de8825
  • 03450805d3988f534cb982f40437c91db70e56cf4e2d42d04c1b1ed20b22a990
  • ec46cb54d17a7a1552c0a4a0be9138e9e1ce703f9b7d4223edb29d360332924f
  • f09d0c9546453248a993c9676a7bac72082d631a664b302846feee5937e1b273
  • 7e7a4bf3b5989bacb91599963dd38c89fe89d2f0930ee252ba717bfd7586f3b4
  • 4183cef578d4fff8889dff22634a803ff9295bd907564f377c17e5700cf8aa8e
  • 51e403f5df931eb2827973bf98f661d32a57489db7b379ea15d620969786f4d4
  • fe4c17ecfb1a78f03adda915e3302fa49014b7809a211705450d00572be2e092
  • d961767f47ebe3ade33fa3c11e391d9fea73b3187b4a87fc0bc4e1abb6c0ae80
  • 3b6028f6631325c1ca4f1c101850bdbfb130301a53429c08596649f3c9131098
  • 78a8fc679dfacde8bd63ecd0ef2d1f3b30957722f2715f8acc6f179c328dd751
  • b0ccabc9cca0811f9a531701a73ba44e0b658cec7aaa561abb439cc1c219c86c
  • 6758d03d488b2e83190fc8464229efef12082bb0167eaaa0cd0c0de0581abdbd
  • d70f50a80449166ecccfa2c7a4a9d6c6dfbbf0c32683b6a3b1584f5237e1388c
  • 3e9b54a4345e5732c37a771d817b67d6ada25dba58095832575d017afbf8d991
  • a2057e4e97877095fb856752f7fe07d8ee77804c7b8a49f1a67edac656652057
  • b8ab01e1c3ec42d750735883ad3a5b01620983f400041af7bae6df12089d2aa3
  • 81854e1f752241da97968deaec1d81ef15083c6157348894f28789dfb87582fb
  • 44b10f2b36282e4b5b7b5aa1800aa51bbc8dd3be96b47e0ad0633555e9dd9bbc
  • ddb88c5fd9c197d1517307c98fda52c1ee77b87a364c0e9c8629991c7c653aae
  • a977d6a442cf0fb86e1c9da161a2a90d0b918d6d9414ec0a8437bf9c489cee6b
  • 14ed350fee88a26fe790281981c7eda63c43767cea3218129ce237466e04876f
  • 3e6c357f966fcd1783e6bb0c6f4387430d93c97ab31241abb240b65a1d443a65
  • 32b2c5e6cb21ec3f0e2b340f2135fc45f553ad03fa138f1b21ce68a626af3f81
  • 530ae1b241baa913b6b9e8d86c63af2a91fb24e60e2099b4ba20dfeefa81023a
  • 7298bd3da374b883eea2f86e41a9269f451dc49968d58f2cf7894d6b65abd438

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
  • Do not download files attached in untrusted emails.
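To act on the "Search for IOCs in your environment" step, the following is an added example in Python (not Rewterz tooling). It walks a directory tree, hashes every file and every member of any zip archive it finds (the advisory notes the installer is delivered zipped, so the zip itself will usually not match while its contents will), and reports any hash that appears in the advisory's SHA-256 list. The three hashes embedded below are copied from the list above; for a real sweep paste in the full list. The function names and the directory argument are this example's own choices.

```python
"""IoC hash sweep for the SHA-256 indicators in this advisory.

Added example, not Rewterz tooling. Hashes every regular file under a
directory, plus every member of each .zip archive, and reports matches
against a set of known-bad SHA-256 values.
"""
import hashlib
import os
import zipfile

# Subset of the SHA-256 indicators listed in the advisory above; paste the
# full "Indicators of Compromise" list here for an actual sweep.
JUPYTER_SHA256 = {
    "47186f3c82d9657dfd535d8b1969adb22896fd2ceb0882fd4b258c7741d11025",
    "ea2eda0b349853a51a8897f5725d4a450d5f21282855c0fb19ff93503c32f209",
    "dbbf3e366ed30c9c2a4dac40edbd2f713f20bea11fca1c60a84a202f3fe620c9",
}

CHUNK = 1 << 20  # hash in 1 MiB chunks so large files are not loaded whole


def sha256_stream(fh):
    """Return the lowercase hex SHA-256 of a binary file-like object."""
    h = hashlib.sha256()
    for chunk in iter(lambda: fh.read(CHUNK), b""):
        h.update(chunk)
    return h.hexdigest()


def sha256_file(path):
    """Hash a file on disk by path."""
    with open(path, "rb") as fh:
        return sha256_stream(fh)


def scan_tree(root, iocs):
    """Yield (location, sha256) for every file whose hash is in `iocs`.

    Zip members are hashed individually (uncompressed content) and reported
    as 'archive.zip!member'. Unreadable or corrupt files are skipped so one
    bad file does not abort the whole sweep.
    """
    iocs = {h.lower() for h in iocs}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:
                continue
            if digest in iocs:
                yield path, digest
            if not zipfile.is_zipfile(path):
                continue
            try:
                with zipfile.ZipFile(path) as zf:
                    for info in zf.infolist():
                        if info.is_dir():
                            continue
                        with zf.open(info) as member:
                            mdigest = sha256_stream(member)
                        if mdigest in iocs:
                            yield f"{path}!{info.filename}", mdigest
            except (zipfile.BadZipFile, OSError):
                continue


def find_matches(root, iocs=JUPYTER_SHA256):
    """Collect scan results into a sorted list suitable for a report."""
    return sorted(scan_tree(root, iocs))


if __name__ == "__main__":
    import sys

    start = sys.argv[1] if len(sys.argv) > 1 else "."
    for location, digest in find_matches(start):
        print(f"MATCH {digest} {location}")
```

Run it as `python sweep.py C:\Users` (or any download and mail-attachment directory). A match is a strong signal, but an empty result only means none of the listed samples is present on disk in unpacked or zipped form; it says nothing about variants with different hashes, so pair the sweep with the browser-credential and PowerShell telemetry your EDR already collects.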
