Rewterz Threat Alert – RCE Exploit spread through Dark Mirai Botnet on TP-Link Routers
December 10, 2021
Rewterz Threat Alert – PatchWork APT Groups Targeting Pakistani Government Officials – Active Campaign
December 10, 2021
Severity
High
Analysis Summary
Gamaredon, the Russia-backed advanced persistent threat (APT) actor active since at least 2013, has stepped up its activity with a new surge of attacks that target users with malicious documents built around template injection. The attacker's goal is to gain control of the target system through the malicious document. The document uses the remote template injection technique to install additional malware on the victim's machine: instead of carrying the payload itself, it references an external template, so when the document is opened, Office fetches the template from the attacker's server and the downloaded file delivers the payload. Because the document body looks clean, this technique often evades static inspection of the lure document alone.
Impact
- Remote template injection leading to malware execution
- Exposure of sensitive data
Indicators of Compromise
IP
- 185[.]46[.]10[.]154
MD5
- ca84499e96eae4e19986c576a2465124
- 9b0b60ef169dae3577db45c430cce0db
SHA-256
- 113cd8002383282ecb78355fe3a81d90b45b997a84c7cfa2fd5361aa5067084f
- 90cb5319d7b5bb899b1aa684172942f749755bb998de3a63b2bccb51449d1273
SHA-1
- 7021b7dd237497592dc692205b2607eb7ea5ddc4
- c90aca8ac4bf5f7746230ec1d90da3c7cca1129f
URL
- http[:]//185[.]46[.]10[.]154/indirect[.]php
- http[:]//gorimana[.]site/international[.]php
Remediation
- Block the threat indicators at their respective controls: the IP and URLs at the perimeter firewall, web proxy and DNS, and the file hashes on endpoint protection and mail gateways.
- Search for the IOCs in your environment, including proxy and DNS logs for the listed host and URLs and file hashes across endpoints and mail stores.
- Inspect Office documents received from external sources for external template references; a legitimate document rarely needs to load its template from a remote host.
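The following script is an added example, not code from Rewterz or the original alert, that covers both the technique described in the analysis summary and the IOC search in the remediation. It detects remote template injection in a .docx by reading the external attachedTemplate relationship from word/_rels/settings.xml.rels (the standard location where Word stores the template reference), refangs the defanged indicators published above, and reports any document whose template URL or file hash matches them. The sample document is constructed in memory for the demonstration and is not a real malicious file; the file layout, namespaces and helper names are the author's assumptions about a minimal valid .docx.

```python
"""
Detect remote template injection in OOXML (.docx) files and check the
template URL and file hashes against this alert's defanged indicators.
Added example; not part of the original Rewterz alert.
"""
import hashlib
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
ATTACHED_TEMPLATE = R_NS + "/attachedTemplate"

# Indicators from the alert, kept defanged exactly as published.
IOC_URLS = [
    "http[:]//185[.]46[.]10[.]154/indirect[.]php",
    "http[:]//gorimana[.]site/international[.]php",
]
IOC_IPS = ["185[.]46[.]10[.]154"]
IOC_HASHES = {
    "ca84499e96eae4e19986c576a2465124",
    "9b0b60ef169dae3577db45c430cce0db",
    "113cd8002383282ecb78355fe3a81d90b45b997a84c7cfa2fd5361aa5067084f",
    "90cb5319d7b5bb899b1aa684172942f749755bb998de3a63b2bccb51449d1273",
    "7021b7dd237497592dc692205b2607eb7ea5ddc4",
    "c90aca8ac4bf5f7746230ec1d90da3c7cca1129f",
}


def refang(indicator):
    """Turn a defanged indicator ('[.]', '[:]', 'hxxp') back into a usable string."""
    return indicator.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")


def remote_templates(docx_bytes):
    """Return the external attachedTemplate targets found in a .docx.

    A benign document normally has none. Remote template injection stores the
    attacker's URL in word/_rels/settings.xml.rels with TargetMode="External".
    """
    targets = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if "word/_rels/settings.xml.rels" not in z.namelist():
            return targets
        root = ET.fromstring(z.read("word/_rels/settings.xml.rels"))
        for rel in root.findall("{%s}Relationship" % REL_NS):
            if rel.get("Type") == ATTACHED_TEMPLATE and rel.get("TargetMode") == "External":
                targets.append(rel.get("Target"))
    return targets


def matches_ioc(url):
    """True if the URL equals a published URL IOC or its host is a listed IP."""
    if url in {refang(u) for u in IOC_URLS}:
        return True
    host = re.match(r"^[a-z]+://([^/:]+)", url, re.I)
    return bool(host) and host.group(1) in {refang(i) for i in IOC_IPS}


def hash_hits(data):
    """Return the MD5/SHA-1/SHA-256 digests of data that appear in the hash IOCs."""
    digests = [hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest(),
               hashlib.sha256(data).hexdigest()]
    return [d for d in digests if d in IOC_HASHES]


def build_docx(template_url=None):
    """Construct a minimal .docx in memory (constructed sample, not a real malicious file).

    When template_url is given, add the external attachedTemplate relationship
    that characterises remote template injection.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml",
                   '<?xml version="1.0"?><w:document xmlns:w="%s"><w:body/></w:document>' % W_NS)
        z.writestr("word/settings.xml",
                   '<?xml version="1.0"?><w:settings xmlns:w="%s" xmlns:r="%s">'
                   '<w:attachedTemplate r:id="rId1"/></w:settings>' % (W_NS, R_NS))
        if template_url:
            z.writestr("word/_rels/settings.xml.rels",
                       '<?xml version="1.0"?><Relationships xmlns="%s">'
                       '<Relationship Id="rId1" Type="%s" Target="%s" TargetMode="External"/>'
                       '</Relationships>' % (REL_NS, ATTACHED_TEMPLATE, escape(template_url, {'"': "&quot;"})))
    return buf.getvalue()


def scan(docx_bytes):
    """Return (remote_template_urls, urls_matching_ioc_list, hash_ioc_hits)."""
    urls = remote_templates(docx_bytes)
    return urls, [u for u in urls if matches_ioc(u)], hash_hits(docx_bytes)


if __name__ == "__main__":
    print(scan(build_docx(refang(IOC_URLS[0]))))  # remote template pointing at the alert's URL
    print(scan(build_docx()))                      # clean document: no external template
```

Run it against a real sample with `scan(open(path, "rb").read())`; a non-empty first element means the document loads its template from a remote host and deserves a closer look even when the IOC match lists are empty, since the listed indicators cover only this campaign.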