Rewterz Threat Advisory – Multiple IBM Spectrum Scale Security Vulnerabilities
March 17, 2021
Rewterz Threat Alert – LokiBot – Active IOCs
March 17, 2021
Severity
High
Analysis Summary
The APT group Turla, which researchers also track under many other names including Krypton, MAKERSMARK, Snake, Uroburos, Venomous Bear, Waterbug and WhiteBear, is primarily known for its espionage activities. This time the group is back with another malicious sample that drops malicious EXE files to different users. Believed to be sponsored by the Russian FSB security service, Turla has been active since at least 2008 and, while constantly evolving its own toolkit, has also been turning its attention towards the infrastructure and resources of other APTs.
Impact
Information theft and espionage
Indicators of Compromise
MD5
- 9233b0492ec15c34dd89dc448d4a2de6
SHA-256
- ec2ca1e96997e6146f9c148d3607e7a53607c21f31ff03894266d27cb29f082d
SHA1
- fe1c0a43fa1f379e4f9703ea040790fb7f2fee27
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.