February 24, 2022
Severity
Medium
Analysis Summary
Cyclops Blink is a malicious Linux ELF executable. Security agencies have associated it with a botnet used to target small office and home network devices, and this large-scale malware has been active since 2019. Security researchers have analyzed two samples of the botnet, and their findings reveal how it works:
Cyclops Blink appears to have been professionally developed, given its modular design approach. A comparison of the core component functionality between the analysed samples indicates that they have most likely been developed from a common code base. – Security Researchers
The researchers have also attributed Cyclops Blink to Russian APT “Sandworm”.
Impact
- DDoS (Distributed Denial of Service)
- File Encryption
- System Infection
Indicators of Compromise
IP
- 100[.]43[.]220[.]234
- 96[.]80[.]68[.]193
- 188[.]152[.]254[.]170
- 208[.]81[.]37[.]50
- 70[.]62[.]153[.]174
- 2[.]230[.]110[.]137
- 90[.]63[.]245[.]175
- 212[.]103[.]208[.]182
- 50[.]255[.]126[.]65
- 78[.]134[.]89[.]167
- 81[.]4[.]177[.]118
- 24[.]199[.]247[.]222
- 37[.]99[.]163[.]162
- 37[.]71[.]147[.]186
- 80[.]155[.]38[.]210
- 217[.]57[.]80[.]18
- 212[.]202[.]147[.]10
- 212[.]234[.]179[.]113
- 185[.]82[.]169[.]99
- 93[.]51[.]177[.]66
- 80[.]15[.]113[.]188
- 80[.]153[.]75[.]103
- 109[.]192[.]30[.]125
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
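The first two remediation steps (block the indicators, search for them in your environment) are easy to get wrong when the IOC list is published in defanged form, because "100[.]43[.]220[.]234" never appears in a real log. The following is an added example, not Rewterz's code: it refangs the IP list from this alert, validates each address, scans firewall-style log lines for any IOC address, and produces a /32 blocklist that can be fed into a firewall or proxy deny list. The log format and the sample log lines are constructed for the demonstration and are not from the original alert.

```python
import ipaddress
import re

# IOC addresses exactly as published in the alert (defanged with "[.]").
DEFANGED_IOCS = [
    "100[.]43[.]220[.]234", "96[.]80[.]68[.]193", "188[.]152[.]254[.]170",
    "208[.]81[.]37[.]50", "70[.]62[.]153[.]174", "2[.]230[.]110[.]137",
    "90[.]63[.]245[.]175", "212[.]103[.]208[.]182", "50[.]255[.]126[.]65",
    "78[.]134[.]89[.]167", "81[.]4[.]177[.]118", "24[.]199[.]247[.]222",
    "37[.]99[.]163[.]162", "37[.]71[.]147[.]186", "80[.]155[.]38[.]210",
    "217[.]57[.]80[.]18", "212[.]202[.]147[.]10", "212[.]234[.]179[.]113",
    "185[.]82[.]169[.]99", "93[.]51[.]177[.]66", "80[.]15[.]113[.]188",
    "80[.]153[.]75[.]103", "109[.]192[.]30[.]125",
]

# Matches a dotted-quad that is not embedded in a longer digit/dot run,
# so "10.43.220.234" does not match inside "110.43.220.2345".
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def refang(ioc: str) -> str:
    """Turn a defanged address ('1[.]2[.]3[.]4') back into '1.2.3.4'."""
    return ioc.replace("[.]", ".")


def load_iocs(defanged):
    """Refang and validate every indicator; returns a set of canonical IP strings.

    ipaddress.ip_address raises ValueError on malformed input, so a typo in a
    copied IOC list fails loudly instead of silently never matching.
    """
    return {str(ipaddress.ip_address(refang(d))) for d in defanged}


def scan_log_lines(lines, iocs):
    """Return (line_no, ip, line) for every log line that mentions an IOC address.

    Every IPv4 literal in the line is checked, so the match works whether the
    indicator appears as source, destination or anywhere else in the record.
    """
    hits = []
    for line_no, line in enumerate(lines, start=1):
        for ip in IPV4_RE.findall(line):
            if ip in iocs:
                hits.append((line_no, ip, line))
    return hits


def build_blocklist(iocs):
    """Render the IOC set as sorted host routes (x.x.x.x/32) for a deny list."""
    return [f"{ip}/32" for ip in sorted(iocs, key=ipaddress.ip_address)]


# Constructed sample firewall log (hypothetical format; not from the alert).
# Line 2 uses a documentation address (TEST-NET-3) and line 4 a near-miss
# address that shares a suffix with an IOC but must not match.
SAMPLE_LOG = [
    "2022-02-24T10:01:05Z fw01 ACCEPT src=192.168.1.20 dst=100.43.220.234 proto=tcp dport=443",
    "2022-02-24T10:01:07Z fw01 ACCEPT src=192.168.1.31 dst=203.0.113.5 proto=tcp dport=443",
    "2022-02-24T10:02:11Z fw01 DENY src=188.152.254.170 dst=192.168.1.1 proto=tcp dport=22",
    "2022-02-24T10:03:00Z fw01 ACCEPT src=192.168.1.20 dst=10.43.220.234 proto=tcp dport=80",
]


if __name__ == "__main__":
    iocs = load_iocs(DEFANGED_IOCS)
    for line_no, ip, line in scan_log_lines(SAMPLE_LOG, iocs):
        print(f"line {line_no}: IOC {ip} seen -> {line}")
    print("\n".join(build_blocklist(iocs)))
```

In practice the log lines would come from the firewall, proxy or NetFlow export rather than the constructed list above; the matching logic is unchanged. Running the scan over historical logs, not just live traffic, is what turns "block the indicators" into "find out whether a device already talked to them".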