March 11, 2021
Severity
High
Analysis Summary
A campaign has been uncovered that looks like the work of the Iran-based APT group Helix Kitten, also known as OilRig and APT34. Initial analysis of likely OilRig-related observables revealed a file named System Exchange Service.dll used against the Lebanon nuclear industry, with information-theft and unauthorized-access characteristics, and also targeting other manufacturing and technology companies. While much remains unknown about this newly identified campaign, it is active and is being monitored closely.
Impact
- Credential Theft
- Unauthorized Access
- Information Theft and espionage
Indicators of Compromise
MD5
- e3aa0ee289e8d7a6d5da8149ba66ef2a
SHA-256
- d6b876d72dba94fc0bacbe1cb45aba493e4b71572a7713a1a0ae844609a72504
SHA-1
- bf757c549fef79ce113da99dd70889de01e08349
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
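As an added example (not part of the Rewterz advisory), a small Python hunt script that implements the second remediation step: it walks a directory tree and flags files whose name or MD5/SHA-1/SHA-256 digest matches the indicators listed above. Function and variable names are my own; a file-name match on its own is only a lead to investigate, not a confirmed infection.

```python
import hashlib
from pathlib import Path

# Hash indicators copied from the advisory above (OilRig / APT34 campaign).
ADVISORY_HASHES = {
    "md5": {"e3aa0ee289e8d7a6d5da8149ba66ef2a"},
    "sha1": {"bf757c549fef79ce113da99dd70889de01e08349"},
    "sha256": {"d6b876d72dba94fc0bacbe1cb45aba493e4b71572a7713a1a0ae844609a72504"},
}
# File name reported in the advisory (compared case-insensitively).
SUSPECT_NAMES = {"system exchange service.dll"}


def hash_file(path, chunk_size=1 << 20):
    """Return (md5, sha1, sha256) hex digests, streaming so large files fit in memory."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def scan_tree(root, hashes=ADVISORY_HASHES, names=SUSPECT_NAMES):
    """Walk `root` recursively; return a list of (path, reason) for each IOC match."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        reasons = []
        if path.name.lower() in names:
            reasons.append("filename matches advisory")
        try:
            md5, sha1, sha256 = hash_file(path)
        except OSError:
            continue  # unreadable (permissions, locked); skip rather than abort the scan
        for algo, digest in (("md5", md5), ("sha1", sha1), ("sha256", sha256)):
            if digest in hashes[algo]:
                reasons.append(f"{algo} matches advisory")
        if reasons:
            findings.append((str(path), "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    import sys
    for hit_path, reason in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"HIT {hit_path}: {reason}")
```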