Severity
High
Analysis Summary
A campaign has been uncovered that appears to be the work of the Iran-based APT group Helix Kitten, also known as OilRig and APT34. Initial analysis of likely OilRig-related observables revealed a phishing campaign targeting the oil and gas sector, as well as several other manufacturing and technology companies. While much remains unknown about this newly identified campaign, it centres on an executable delivered to users through phishing; running that executable gives the attacker initial access to the victim's system.
Impact
Information Theft and Espionage
Credential Theft
Unauthorized Access
Indicators of Compromise
Filename
- SQLADHLP[.]EXE
MD5
- fe73a32f00c77fdb6b1f9b61e933b76b
SHA-256
- b59dea96ef94e8d32ee1a1805174318643569bbdca0d7569ede19467ff09dcdc
SHA-1
- 015a127407fc5092d52d6a91d51e4fbadc82612a
Remediation
- Block all threat indicators at their respective controls.
- Search for the IOCs in your environment. Note that the hashes identify only this exact build of the executable; a repacked or recompiled sample will carry different hashes, so the absence of hash matches does not rule out the campaign, and a file that merely shares the name should be examined rather than assumed benign.
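The following is an added example of the IOC sweep the remediation step calls for; it is not Rewterz tooling and is not from the advisory. It walks a directory tree, hashes each file once with all three algorithms, and reports which of the advisory's indicators (file name, MD5, SHA-1, SHA-256) each file matches. The function names, the chunked-hashing approach, and the case-insensitive name comparison are assumptions of this example, not anything the advisory specifies.

```python
"""Sweep a directory tree for the file-name and hash indicators listed in
this advisory. Added example, not Rewterz tooling; the walking/hashing
logic and the function names are assumptions of this example."""
import hashlib
import os
from pathlib import Path

# Indicators copied from the advisory above, with the defanging removed so
# they can be compared directly. File names are compared case-insensitively
# because Windows file systems are case-insensitive; hashes are lower-case hex.
ADVISORY_IOCS = {
    "filenames": {"sqladhlp.exe"},
    "md5": {"fe73a32f00c77fdb6b1f9b61e933b76b"},
    "sha1": {"015a127407fc5092d52d6a91d51e4fbadc82612a"},
    "sha256": {"b59dea96ef94e8d32ee1a1805174318643569bbdca0d7569ede19467ff09dcdc"},
}


def hash_file(path, chunk_size=1 << 20):
    """Return md5/sha1/sha256 hex digests of a file, reading it in chunks so
    large binaries do not need to fit in memory and each file is read once."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def match_file(path, iocs=ADVISORY_IOCS):
    """Return the list of indicator types a single file matches (empty if none).
    Name hits are reported separately from hash hits: a renamed copy of the
    payload still hits on hash, while a file that merely shares the name hits
    on 'filename' only and needs a closer look rather than automatic blocking."""
    path = Path(path)
    hits = []
    if path.name.lower() in iocs["filenames"]:
        hits.append("filename")
    digests = hash_file(path)
    for algo in ("md5", "sha1", "sha256"):
        if digests[algo].lower() in iocs[algo]:
            hits.append(algo)
    return hits


def scan_tree(root, iocs=ADVISORY_IOCS):
    """Walk `root` and return {path: [matched indicator types]} for every file
    that matches at least one indicator. Files that cannot be opened (locked,
    permission denied) are skipped so one bad file does not abort the sweep."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                hits = match_file(full, iocs)
            except OSError:
                continue
            if hits:
                findings[full] = hits
    return findings


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for found, hits in scan_tree(target).items():
        print(f"{found}: {', '.join(hits)}")
```

Run it as `python sweep.py C:\` (or any root) on a host you want to check. A result listing only `filename` means the name matched but none of the advisory's hashes did, which is the case to triage by hand; any hash hit identifies the exact build from the advisory.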