Rewterz

Rewterz Threat Advisory –CVE-2021-30591 – Google Chrome Security Vulnerability

August 12, 2021
Rewterz

Rewterz Threat Alert –Dharma Ransomware – Active IOCs

August 12, 2021

Rewterz Threat Alert –XLoader Malware – Active IOCs

Severity

High

Analysis Summary

Xloader Malware is next in line to another well-known Windows-based info stealer called Formbook that’s known to void credentials from web browsers and other web-based applications, gather screenshots, log keystrokes, and execute files from attackers controlled domains. Xloader is distributing via spoofed emails containing malicious file attachments of Microsoft documents and infecting about 69 countries. Between December 1, 2020, and June 1, 2021, with 53% of the infections reported in the U.S. alone, followed by China’s special administrative regions (SAR), Mexico, Germany, and France.

update-1628750258.png

Impact

  • Credential Theft
  • Infostealer
  • Keylogging

Indicators of Compromise

SHA-256

  • e8ec283990b2708cd8f2fab9851f033faa727881b630ea4d32d57217096a884b

URL

  • http[:]//3[.]250[.]217[.]244/www

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.