February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple Trend Micro Apex Vulnerabilities
October 20, 2021Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs
October 20, 2021Rewterz Threat Advisory – Multiple Trend Micro Apex Vulnerabilities
October 20, 2021Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs
October 20, 2021
Severity
High
Analysis Summary
Spyware.Vidar is a product that offers threat actors the option to set their preferences for the stolen information. Besides credit card numbers and passwords, Vidar can also scrape an impressive selection of digital wallets. This spyware can be spread using various campaigns. Vidar, which originally became active in late 2018, is a family of malware that operates primarily as an information stealer and is often observed as a precursor to ransomware deployment. It enables the capture and exfiltration of data from a system, including system information, browser data, and credentials.
Impact
- Data Exfiltration
- Information Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- a395af3db4f82f425bba5f5c27ef6a8e
- 13003cbfb6d2adfeea85952f8172c4f7
- d9c2993126c94ccfd546f3a9f3f84ab5
- be89eef16c6bff3aeba20d44c6fdd929
SHA-256
- b8d2d5095e10c9f0c52a6eeb3ecf6ff52858bdb21037749943a8f38d0da36724
- 9c8590c7165b453dd0792be3cf51e200961a1ed9cf1154768ee86f7018db8fd9
- 77ce302fda0f50d3ecbf90a2a66820038e92d191022be38b1ffe3988a8b8d3d2
- c7cd466599c4d2052661164355ab037a917291751887e7ce1aaed1cfe035017b
SHA-1
- 620b20a9debb96649f692c57697cb138761c0699
- e5ef2dd654b50ed7be455cbe7aaabaa7acaedc80
- 9fd3a5ef9d341b95352394d3795cd4efbb23c62f
- d44f6f4e6fe33b0e7cba06d158c06d91c3f641aa
URL
- https[:]//searcer[.]x24hr[.]com/a/soleApp11[.]exe
- http[:]//136[.]144[.]41[.]229/gJCbU1V9y2[.]php
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.