August 25, 2021
Severity
High
Analysis Summary
menuPass (also tracked as APT10) is a threat group that has been active since at least 2006. Individual members of menuPass are known to have acted in association with the Chinese Ministry of State Security's (MSS) Tianjin State Security Bureau and to have worked for the Huaying Haitai Science and Technology Development Company. menuPass has targeted the healthcare, defense, aerospace, finance, maritime, biotechnology, energy, and government sectors globally, with an emphasis on Japanese organizations. In 2016 and 2017, the group is known to have targeted managed IT service providers (MSPs), manufacturing and mining companies, and a university.
Impact
- Data Encryption
Indicators of Compromise
Filename
- active_desktop_render[.]dll
MD5
- 3a4b6d3685ddbcc18d607cd7a4c2844e
- 957af740e1d88fabdaf73bd619cb3d31
SHA-256
- c0ad7298face0d194adc166bba14e77c30ce9eba2a931f79d022ec0afe3ef248
- ed834722111782b2931e36cfa51b38852c813e3d7a4d16717f59c1d037b62291
SHA-1
- 0b57a740ff9b27ceea7d062e132cc9e3da562beb
- a43002aed315f1f52d7628009438d685a2e361b3
Remediation
- Block all the threat indicators at your respective controls (endpoint, proxy, mail gateway, and firewall).
- Search for the IOCs in your environment: sweep endpoints and file servers for the listed hashes and for the DLL filename, since a recompiled sample will not match the hashes but may still reuse the name.
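The sweep described in the remediation steps, as an added example written for this advisory rather than Rewterz's own tooling: it hashes every regular file under a root directory once (MD5, SHA-1 and SHA-256 in a single read), compares the digests against the indicator sets above, and separately flags the indicator filename so that a same-named but recompiled file is still reported. The sample tree it builds for the demonstration is constructed here; its contents are not the real samples and will only match on filename.

```python
#!/usr/bin/env python3
"""Sweep a directory tree for the menuPass file indicators in this advisory.

Added example, not Rewterz tooling. Hash matches identify the exact samples;
the filename match catches a same-named rebuild that the hashes would miss.
"""
import hashlib
import os
import tempfile

# Indicators from the advisory. The "[.]" defanging is undone so the
# name compares against real filenames on disk (case-insensitively).
MENUPASS_IOCS = {
    "filenames": {"active_desktop_render.dll"},
    "md5": {"3a4b6d3685ddbcc18d607cd7a4c2844e",
            "957af740e1d88fabdaf73bd619cb3d31"},
    "sha1": {"0b57a740ff9b27ceea7d062e132cc9e3da562beb",
             "a43002aed315f1f52d7628009438d685a2e361b3"},
    "sha256": {"c0ad7298face0d194adc166bba14e77c30ce9eba2a931f79d022ec0afe3ef248",
               "ed834722111782b2931e36cfa51b38852c813e3d7a4d16717f59c1d037b62291"},
}


def hash_file(path, chunk_size=1 << 20):
    """Return {"md5": ..., "sha1": ..., "sha256": ...} hex digests, reading the file once."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def check_file(path, iocs=MENUPASS_IOCS):
    """Return the list of indicator types this file matches ([] if clean)."""
    reasons = []
    if os.path.basename(path).lower() in iocs["filenames"]:
        reasons.append("filename")
    try:
        digests = hash_file(path)
    except OSError:
        # Locked or unreadable (common for a loaded DLL): report what we know.
        return reasons
    for algo in ("md5", "sha1", "sha256"):
        if digests[algo] in iocs[algo]:
            reasons.append(algo)
    return reasons


def scan_tree(root, iocs=MENUPASS_IOCS):
    """Walk root and return {path: [reasons]} for every file that matched."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Skip symlinks so a link into another tree is not hashed twice.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            reasons = check_file(path, iocs)
            if reasons:
                hits[path] = reasons
    return hits


def build_sample_tree():
    """Create a constructed directory for the demo; returns (root, {label: path}).

    The DLL content is made up and does not hash to any advisory indicator.
    """
    root = tempfile.mkdtemp(prefix="ioc_sweep_")
    os.makedirs(os.path.join(root, "Windows", "Temp"))
    paths = {
        "dll": os.path.join(root, "Windows", "Temp", "Active_Desktop_Render.dll"),
        "txt": os.path.join(root, "notes.txt"),
    }
    with open(paths["dll"], "wb") as fh:
        fh.write(b"MZ constructed placeholder, not the real sample")
    with open(paths["txt"], "wb") as fh:
        fh.write(b"benign file for the demo")
    return root, paths


def main():
    root, _paths = build_sample_tree()
    for path, reasons in scan_tree(root).items():
        print(f"HIT {path}: matched on {', '.join(reasons)}")


if __name__ == "__main__":
    main()
```

Point `scan_tree` at a real mount point (for example a user profile or a collected triage image) to run the sweep for real; a loaded DLL that cannot be opened is still reported on filename, which is the case you most want to see.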