Rewterz Threat Alert – Donot APT group – IOCs
April 28, 2021
Rewterz Threat Advisory – CVE-2021-2321 – Oracle VirtualBox information disclosure
April 29, 2021
Severity
High
Analysis Summary
A campaign has been uncovered that looks like the work of the Iran-based APT group Helix Kitten, also known as OilRig and APT34. Initial analysis of likely OilRig-related observables revealed a phishing campaign targeting the oil and gas sector, as well as several other manufacturing and technology companies. While much remains unknown about this newly identified campaign, it centres on an executable sent to users that establishes initial access on the victim's system.
Impact
- Credential Theft
- Unauthorized Access
- Information Theft and Espionage
Indicators of Compromise
MD5
- d60a54f4710c37bf8d9c7a239679cfe6
SHA-256
- a9397eb9e95087db7e03239c689776d56c1450d685568564acd90e1532c78882
SHA-1
- e104ae10ddf7692c78cfa4cb51d772ded4995524
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
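An added example, not part of the Rewterz advisory: a Python sweep that hashes every regular file under a directory with MD5, SHA-1 and SHA-256 in one pass and reports any match against the three indicators listed above. The file names and contents used in `demo_sweep()` are constructed for the demonstration; the only real values are the alert's hashes.

```python
import hashlib
import tempfile
from pathlib import Path

# The three file hashes published in the alert above (lower-case hex).
IOC_HASHES = {
    "md5": {"d60a54f4710c37bf8d9c7a239679cfe6"},
    "sha1": {"e104ae10ddf7692c78cfa4cb51d772ded4995524"},
    "sha256": {"a9397eb9e95087db7e03239c689776d56c1450d685568564acd90e1532c78882"},
}

def hash_file(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of one file in a single pass over its bytes."""
    hashers = {algo: hashlib.new(algo) for algo in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}

def match_iocs(digests, iocs):
    """Return the (algorithm, digest) pairs from `digests` that appear in the IOC set."""
    return [(algo, digests[algo]) for algo in sorted(digests) if digests[algo] in iocs.get(algo, ())]

def sweep(root, iocs=IOC_HASHES):
    """Hash every regular file under `root`; return {path: matches} for files that hit an IOC."""
    hits = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            matches = match_iocs(hash_file(path), iocs)
        except OSError:
            continue  # unreadable or vanished file: skip it rather than abort the whole sweep
        if matches:
            hits[str(path)] = matches
    return hits

def demo_sweep():
    """Run the sweep on constructed files: one benign, one whose SHA-256 is added to the IOC set."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "notes.txt").write_bytes(b"constructed benign content")
        suspect = Path(tmp, "update.exe")
        suspect.write_bytes(b"constructed stand-in for the executable described in the alert")
        iocs = {algo: set(values) for algo, values in IOC_HASHES.items()}
        iocs["sha256"].add(hashlib.sha256(suspect.read_bytes()).hexdigest())  # constructed IOC
        return {Path(p).name: matches for p, matches in sweep(tmp, iocs).items()}

if __name__ == "__main__":
    print(demo_sweep())
```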