Skip to main content

Retefe Banking Trojan

Retefe is a banking Trojan which has been identified targeting organisations within the UK. he malware has been around for some time, however, it has never been very prominent when compared to the likes of Dridex.
Threat ID:
CC-1662
Category:
Spyware, Trojan
Threat Severity:
Medium
Threat Vector:
Email spam
Published:
25 September 2017 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Retefe is a banking Trojan which has been identified targeting organisations within the UK. he malware has been around for some time, however, it has never been very prominent when compared to the likes of Dridex.

Affected platforms

The following platforms are known to be affected:

Microsoft Windows

Microsoft Windows - All Versions.

Threat details

Retefe is typically distributed by malicious spam emails. The emails contain a malicious Word document containing an Object Linking and Embedding (OLE) object which is used to download an executable payload from a remote server. Retefe has been updated by the malicious actors to include the EternalBlue exploit.

Remediation steps

Type Step
  • Make sure that Server Message Block (SMB) is not internet facing
  • Make sure that patches have been applied for CVE-2017-0144.
  • Consider disabling SMB where appropriate. Where SMB is enabled, ensure that it is properly authenticated.
  • Make sure malware definitions are kept up-to-date.
  • Monitor network and proxy logs for suspicious activity.

CVE Vulnerabilities

Status

CVE-2017-0144

Last edited: 17 February 2020 11:38 am