Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
May 26, 2023
Severity High Analysis Summary CVE-2023-32165 CVSS:9.8 D-Link D-View could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in TftpReceiveFileHandler […]May 26, 2023Severity Medium Analysis Summary Cobalt Strike first appeared in 2012 in response to alleged flaws in the Metasploit Framework, an existing red team (penetration testing) tool. […]May 26, 2023Severity Medium Analysis Summary CVE-2023-44520 CVSS:7.8 Adobe Acrobat Reader DC could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
May 26, 2023Severity High Analysis Summary CVE-2023-32165 CVSS:9.8 D-Link D-View could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in TftpReceiveFileHandler […]May 26, 2023Severity Medium Analysis Summary Cobalt Strike first appeared in 2012 in response to alleged flaws in the Metasploit Framework, an existing red team (penetration testing) tool. […]May 26, 2023Severity Medium Analysis Summary CVE-2023-44520 CVSS:7.8 Adobe Acrobat Reader DC could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – Nokoyawa Ransomware – Active IOCs
May 26, 2022Rewterz Threat Alert – WannaCry Ransomware – Active IOCs
May 26, 2022
Severity
High
Analysis Summary
OilRig, aka HelixKitten, APT 34, and Twisted Kitten, is a suspected Iranian threat group targeting Middle Eastern and international victims since at least 2014. The group appears to conduct supply chain attacks, taking advantage of the trust connection between organizations to attack its major targets. Based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that corresponds with nation-state goals, researchers conclude that the organization operates on behalf of the Iranian government. Financial, political, energy, chemical, and telecommunications sectors are the top targets of this threat actor group. For lateral movement, OilRig makes use of stolen account credentials. OilRig uses credential dumping tools like Mimikatz to harvest credentials from accounts logged onto the compromised system after gaining access to it. The threat actor group utilizes these credentials to gain access to and move laterally via the network’s systems.
Impact
Information Theft and Espionage
Exposure of Sensitive Data
Indicators of Compromise
MD5
- ccc36ffd7b4634b107e3f8518ad3a539
SHA-256
- b69812221cd9328a70c90f771c58be44693de493df18f0a08ebd0bb6236e37a7
SHA-1
- c7a1f076dfaeaaa6bacc0e610078a20f1879f091
Remediation
Block all threat indicators at your respective controls.
Search for IOCs in your environment.