Rewterz Threat Alert – Lokibot – Active IoCs
December 10, 2020Rewterz Threat Alert – NjRAT Leverages PasteBin for Second Stage Payload
December 11, 2020Severity
High
Analysis Summary
Following the FireEye hack and theft of their red team tools, FireEye provided a list of CVEs in their blog to allow customers to assess their vulnerability to the tools. Those IoCs are given below.
As part of this disclosure, FireEye also released a repository of signatures/rules designed to detect the use of these tools across a variety of detection technologies.
| CVE | Product |
|---|---|
| CVE-2019-11510 | Pulse Secure |
| CVE-2020-1472 | Netlogon (Windows) |
| CVE-2018-13379 | Fortinet FortiGuard FortiOS |
| CVE-2018-15961 | Adobe ColdFusion |
| CVE-2019-0604 | Microsoft SharePoint |
| CVE-2019-0708 | Microsoft Remote Desktop Services |
| CVE-2019-11580 | Atlassian Crowd and Crowd Data Center |
| CVE-2019-19781 | Citrix Application Discovery Controller and Citrix Gateway |
| CVE-2020-10189 | Zoho ManageEngine Desktop Central |
| CVE-2014-1812 | Group Policy implementation in Microsoft Windows |
| CVE-2019-3398 | Confluence Server and Data Center |
| CVE-2020-0688 | Microsoft Exchange |
| CVE-2016-0167 | Microsoft Windows |
| CVE-2017-11774 | Microsoft Outlook |
| CVE-2018-8581 | Microsoft Exchange Server |
| CVE-2019-8394 | Zoho ManageEngine ServiceDesk Plus |
Impact
Multiple
Affected Products
Multiple
Remediation
Patch these vulnerabilities as soon as possible.