December 20, 2022
Severity
Medium
Analysis Summary
Jupyter, aka Solarmarker, was first discovered at the end of 2020. This infostealer targets businesses and higher education institutions in a concerted attempt to steal usernames, passwords, and other confidential information, and to install a persistent backdoor on victim systems. The attack primarily targets data from the Chromium, Firefox, and Chrome browsers, but it also has the capacity to open a backdoor on infected systems, allowing attackers to run PowerShell scripts and commands as well as download and execute further malware. The Jupyter installer is hidden inside a zipped file, using Microsoft Word icons and file titles that appear to be important documents such as travel details, a pay raise, or similar.
Victims of a Jupyter attack may experience financial loss, data loss, identity theft, the installation of other malware with more capabilities on their systems, problems with online privacy and browsing safety, and other problems.
Impact
- Keystroke Logging
- Credential Theft
- Data Theft
Indicators of Compromise
MD5
- d7000e43ee8dd009799148610634c98b
- 3da3e456c3086fb41f2e8d2d4f99efc4
SHA-256
- d5d9368aa2419cdecd951091cddfc9227ab49fb554e53099378a2ef7aae5a012
- 2b44f71679de3d157bcbdeeac04c0589ae73ea5fbbcebddc3aee19cbe20bbcbb
SHA-1
- 7e5731bec1fef629a23b59afa12ea52535faa76c
- 027a425d57da3355e7a1b69d31fbc84497b5082c
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Do not download files attached in untrusted emails.
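One way to act on the "search for IOCs in your environment" step is to hash every file under a directory tree and compare the digests against the MD5, SHA-1 and SHA-256 values listed above. The script below is an added example, not a Rewterz tool; the hash values are copied verbatim from the Indicators of Compromise section, and the directory to scan is assumed to be passed on the command line.

```python
"""Scan a directory tree for files whose MD5, SHA-1 or SHA-256 digest matches
the Jupyter/Solarmarker IOCs from this alert. Example code added to the page."""
import hashlib
import os
import sys

# Hash values taken verbatim from the Indicators of Compromise section above.
JUPYTER_IOCS = {
    "md5": {
        "d7000e43ee8dd009799148610634c98b",
        "3da3e456c3086fb41f2e8d2d4f99efc4",
    },
    "sha1": {
        "7e5731bec1fef629a23b59afa12ea52535faa76c",
        "027a425d57da3355e7a1b69d31fbc84497b5082c",
    },
    "sha256": {
        "d5d9368aa2419cdecd951091cddfc9227ab49fb554e53099378a2ef7aae5a012",
        "2b44f71679de3d157bcbdeeac04c0589ae73ea5fbbcebddc3aee19cbe20bbcbb",
    },
}


def hash_file(path, chunk_size=1 << 20):
    """Return {"md5": ..., "sha1": ..., "sha256": ...} for one file.

    The file is read in chunks so that large archives (the Jupyter installer
    ships inside a zip) do not have to fit in memory, and all three digests
    are computed in a single pass."""
    digests = {
        "md5": hashlib.md5(),
        "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(),
    }
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def scan_directory(root, iocs=JUPYTER_IOCS):
    """Walk `root` and return a list of (path, algorithm, hexdigest) tuples for
    every file whose digest appears in `iocs`.

    IOC values are normalised to lowercase so that feeds published in mixed
    case still match. Files that cannot be read (permissions, special files)
    are skipped rather than aborting the whole scan."""
    wanted = {alg: {h.lower() for h in hashes} for alg, hashes in iocs.items()}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue
            for alg, value in digests.items():
                if value in wanted.get(alg, ()):
                    hits.append((path, alg, value))
    return hits


if __name__ == "__main__":
    # Usage: python scan_iocs.py <directory>  (directory is an assumption)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    matches = scan_directory(target)
    for path, alg, value in matches:
        print(f"MATCH {alg} {value} {path}")
    print(f"{len(matches)} matching file(s) under {target}")
```

A hit on any one algorithm is enough to flag a file; the scan reports all three so an analyst can cross-check against other feeds that publish only one digest type.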