March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory –Multiple Google Chrome Vulnerabilities
June 18, 2021
Rewterz Threat Advisory – CVE-2020-36282 – IBM QRadar SIEM Vulnerability
June 18, 2021
Rewterz Threat Advisory –Multiple Google Chrome Vulnerabilities
June 18, 2021
Rewterz Threat Advisory – CVE-2020-36282 – IBM QRadar SIEM Vulnerability
June 18, 2021
Severity
Medium
Analysis Summary
Black Kingdom ransomware has been recently observed exploiting a Microsoft Exchange vulnerability. The complexity and sophistication of the Black Kingdom family cannot bear a comparison with other Ransomware-as-a-Service (RaaS) or Big Game Hunting (BGH) families. The ransomware is coded in Python and compiled to an executable using PyInstaller; it supports two encryption modes: one generated dynamically and one using a hardcoded key. Code analysis revealed an amateurish development cycle and a possibility to recover files encrypted with the Black Kingdom with the help of the hardcoded key. The industry already provided a script to recover encrypted files in case they were encrypted with the embedded key.
CVE-2021-26855
Microsoft Exchange Server could allow a remote attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim.
Impact
- Code Execution
- Unauthorized Access
Indicators of Compromise
MD5
- f8b604ca7aa304a479f2461d1b74e795
- 96c2f4acef5807b54ded4e0dae6ed79d
- aa2efe290df3c38c26c70b1f40f69812
- 832c01c4a1149a793773a2acb39bb10b
- faa5f4def7e037324f5f87239ddead2d
- a5f6b6e95ef8a26081259813ca18e17b
- 20e8e55625f68ed42a793d76d359a858
SHA-256
- b9dbdf11da3630f464b8daace88e11c374a642e5082850e9f10a1b09d69ff04f
- c4aa94c73a50b2deca0401f97e4202337e522be3df629b3ef91e706488b64908
- a387c3c5776ee1b61018eeb3408fa7fa7490915146078d65b95621315e8b4287
- 815d7f9d732c4d1a70cec05433b8d4de75cba1ca9caabbbe4b8cde3f176cc670
- 910fbfa8ef4ad7183c1b5bdd3c9fd1380e617ca0042b428873c48f71ddc857db
- 866b1f5c5edd9f01c5ba84d02e94ae7c1f9b2196af380eed1917e8fc21acbbdc
- c25a5c14269c990c94a4a20443c4eb266318200e4d7927c163e0eaec4ede780a
SHA1
- 0539c6df68e9ef15cbfa1f07daca8fd759fef874
- 3e93999954ce080a4dc2875638745a92c539bd50
- f6013bcaaa4f2df7c05ed2777bf845e844666297
- 902bf00251c4ae77a51049e9a8cb422fe526f589
- 00eb93b35a629ecbefca468fa5614c159b3becb9
- 242bc043057bb12e27a9fe4db20d6bdb953cbc11
- 7b7a1653030fd3ad4464b7f09d9ac401a5f691c9
Remediation
- Block all threat indicators at your respective controls
- Search for IOCs in your environment
For further details and patches on CVE-2021-26855 please visit the below-mentioned link
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855