Severity
High
Analysis Summary
“Baby Elephant” is an APT group operating from the South Asian subcontinent whose activity can be traced back to July 2017. Its main targets are the government, military, defense, foreign affairs, nuclear energy, finance, education, telecommunications and other departments of South Asian countries such as Pakistan, Bangladesh, Sri Lanka and the Maldives. In the recently captured Baby Elephant campaign, the attackers deliver compressed archives to victims containing a blank RTF document, used as a social-engineering decoy, together with an LNK file that contains a malicious link. The names of the archive, the RTF file and the LNK file all reference Heavy Mechanical Complex Ltd., a national engineering company under Pakistan's Ministry of Industry and Production.
![advisory-1613997254.png](https://app.sirp.io/uploads/1/advisory/advisory-1613997254.png)
Impact
Information theft and espionage
Indicators of Compromise
Filename
- SUPPLY_OF_03_TON_MOT_CRANE_HOIST[.]zip
MD5
- b5cde0905326930c25f49bb20ddea5db
- c5aabc607102e93f489223e2f6d601a1
SHA-256
- 7dfcf1524953433816b9437e74d65bb81517f84ef0c6301d0fc6a901700290a3
- d55ff954abb04ec29745f7d80ea7457a862c8025a21e889f1ba44c32ba486a7e
SHA1
- fcc24f86852fe8f6ea6d541d45af9ca0e9c4c71f
- e16970ef74d1103f393d3128286c9d27f2c9f4f3
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
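A concrete way to carry out the second remediation step is a hash-and-filename sweep over a file share or mailbox export. The following is an added example written for this advisory (it is not Rewterz's own tooling): it loads the indicators published above, refangs the defanged filename, hashes every file once with MD5, SHA1 and SHA256, and reports any path that matches. The `IocSet` class, the function names and the command-line usage are this example's own assumptions.

```python
# Added example, not part of the Rewterz advisory: sweep a directory tree for
# files that match the advisory's published indicators by filename or hash.
import hashlib
import os
from dataclasses import dataclass

# Indicators copied from the advisory above. The filename is published defanged
# ("[.]zip"); refang() restores the real extension for matching.
IOC_FILENAMES = {"SUPPLY_OF_03_TON_MOT_CRANE_HOIST[.]zip"}
IOC_MD5 = {
    "b5cde0905326930c25f49bb20ddea5db",
    "c5aabc607102e93f489223e2f6d601a1",
}
IOC_SHA1 = {
    "fcc24f86852fe8f6ea6d541d45af9ca0e9c4c71f",
    "e16970ef74d1103f393d3128286c9d27f2c9f4f3",
}
IOC_SHA256 = {
    "7dfcf1524953433816b9437e74d65bb81517f84ef0c6301d0fc6a901700290a3",
    "d55ff954abb04ec29745f7d80ea7457a862c8025a21e889f1ba44c32ba486a7e",
}


def refang(name: str) -> str:
    """Turn a defanged indicator ("[.]") back into its real form."""
    return name.replace("[.]", ".")


@dataclass(frozen=True)
class IocSet:
    """Hypothetical container for one advisory's indicators (lower-case hex / names)."""
    filenames: frozenset
    md5: frozenset
    sha1: frozenset
    sha256: frozenset


ADVISORY_IOCS = IocSet(
    filenames=frozenset(refang(n).lower() for n in IOC_FILENAMES),
    md5=frozenset(h.lower() for h in IOC_MD5),
    sha1=frozenset(h.lower() for h in IOC_SHA1),
    sha256=frozenset(h.lower() for h in IOC_SHA256),
)


def hash_file(path: str, chunk_size: int = 1 << 20):
    """Return (md5, sha1, sha256) hex digests, reading the file only once."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def match_file(path: str, iocs: IocSet = ADVISORY_IOCS):
    """Return a list of (indicator_type, value) hits for one file; empty if none."""
    hits = []
    name = os.path.basename(path).lower()
    if name in iocs.filenames:
        hits.append(("filename", name))
    try:
        md5, sha1, sha256 = hash_file(path)
    except OSError:
        # Unreadable file (permissions, vanished): report only the name hit, if any.
        return hits
    if md5 in iocs.md5:
        hits.append(("md5", md5))
    if sha1 in iocs.sha1:
        hits.append(("sha1", sha1))
    if sha256 in iocs.sha256:
        hits.append(("sha256", sha256))
    return hits


def scan_directory(root: str, iocs: IocSet = ADVISORY_IOCS):
    """Walk root recursively and return {path: hits} for every file that matched."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            hits = match_file(path, iocs)
            if hits:
                results[path] = hits
    return results


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in scan_directory(target).items():
        print(path, "->", ", ".join(f"{kind}={value}" for kind, value in hits))
```

Run it as `python sweep.py /path/to/share`. Matching on all three digests is deliberate: the advisory lists two MD5, two SHA1 and two SHA256 values without stating which belong to the same sample, so a file is flagged if any one digest matches, and a filename hit is reported even when the content has been altered.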