June 1, 2021
Severity
High
Analysis Summary
Bizarro is another banking Trojan family originating from Brazil that has now spread to other regions of the world. It has been used in attempts to steal credentials from customers of 70 banks across several European and South American countries. Following in the footsteps of Tetrade, the Bizarro operators rely on affiliates and recruited money mules to operationalize their attacks, cash out stolen funds or simply help with transfers. Bizarro has x64 modules and can trick users into entering two-factor authentication codes into fake pop-ups; it may also use social engineering to convince victims to install a smartphone app. The group behind Bizarro uses servers hosted on Azure and Amazon (AWS), as well as compromised WordPress servers, to store the malware and collect telemetry.
Impact
- Financial loss
- Exposure of sensitive data
Indicators of Compromise
MD5
- e6c337d504b2d7d80d706899d964ab45
- daf028ddae0edbd3d7946bb26cf05fbf
- 5184776f72962859b704f7cc370460ea
- 73472698fe41df730682977c8e751a3e
- 7a1ce2f8f714367f92a31da1519a3de3
- 0403d605e6418cbdf8e946736d1497ad
- d6e4236aaade8c90366966d59e735568
- a083d5ff976347f1cd5ba1d9e3a7a4b3
- b0d0990beefa11c9a78c701e2aa46f87
- 38003677bfaa1c6729f7fa00da5c9109
SHA-256
- 07e1ed9c60ef84688cb35923166762cff3325e058dff59a65549efcd22297436
- 202ee8b14ac2dff31910820fed613252d813aea22b015179975988308c0f1c85
- 261b9e4b576b1d2a1c4ce44a4b48cd776981e392615c8ee5556c066b82aeca21
- 5befbe89a10d72164cc746a7dc30b8cfe0bd5c8182b0677e009cc654fde10165
- 684e6bdced0521344b38a3dbd0ee159a0691ca47a766a3f0ea8ca5578ed0816d
- 8c30d08ef7a407fc32e721dd8d8f49260faf0451b41d7be5d61dd89361fb5d03
- 9e533c9f14375ca958fadc504b80dd89569a33b70275362bb1b6b6f9f27d03b8
- e13fe434eb19987ee1239caae2eca96df2cd2d78dec0f8d414e04b856bcf2b2e
- e3483974d1eeb589c9757f438deb9ebff59f8817679609ca846450188f394dd1
- f57fc4857a76fe66cb8eb0bbc9e88d9e70f9de2135d4802c7c18f89bd92060a9
SHA-1
- f9f18153cabf61699d838407dddd4e937bb2efeb
- 9421a0648077bf1dfe364715eb3b865219420eba
- 555be80df104c946faba707a0106f5db56f89ed3
- 6e89857039ed3ae06144407b68c83c1926aebc95
- ef0690b07894ee0b6ac045a67f2c0852f3d858d0
- 3869b5c863cfc93b7b733364e98d3e51b05500a4
- 30c889477ee6ff8c3cf4a6b8bc6590f9ab51801b
- 938b9813b35a709d29870684eab2ffd89da07d9a
- ded014b455097f56976f6bb921c5b5b7e4bcb554
- 34a2a5ac1f655ab2835d94bb056d96ccb7608659
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
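The following scanner is an added example for the "search for IOCs in your environment" step; it is not part of the advisory and not Rewterz tooling. It takes the MD5, SHA-1 and SHA-256 hashes listed above exactly as pasted, sorts them into per-algorithm sets by digest length, then walks a directory tree computing all three digests of each regular file in a single read and reports any file whose digest appears in the IOC sets. The file names and contents in the demo() function are constructed purely to show a hit and a clean result; they are not real Bizarro samples.

```python
"""Scan a directory tree for files whose MD5 / SHA-1 / SHA-256 match the advisory IOCs."""
import hashlib
import io
import os
import stat
import tempfile
from typing import Dict, List, Set, Tuple

# The file hashes published in the advisory above, pasted as-is. They are
# bucketed by digest length, so the order and grouping here do not matter.
ADVISORY_HASHES = """
e6c337d504b2d7d80d706899d964ab45 daf028ddae0edbd3d7946bb26cf05fbf
5184776f72962859b704f7cc370460ea 73472698fe41df730682977c8e751a3e
7a1ce2f8f714367f92a31da1519a3de3 0403d605e6418cbdf8e946736d1497ad
d6e4236aaade8c90366966d59e735568 a083d5ff976347f1cd5ba1d9e3a7a4b3
b0d0990beefa11c9a78c701e2aa46f87 38003677bfaa1c6729f7fa00da5c9109
07e1ed9c60ef84688cb35923166762cff3325e058dff59a65549efcd22297436
202ee8b14ac2dff31910820fed613252d813aea22b015179975988308c0f1c85
261b9e4b576b1d2a1c4ce44a4b48cd776981e392615c8ee5556c066b82aeca21
5befbe89a10d72164cc746a7dc30b8cfe0bd5c8182b0677e009cc654fde10165
684e6bdced0521344b38a3dbd0ee159a0691ca47a766a3f0ea8ca5578ed0816d
8c30d08ef7a407fc32e721dd8d8f49260faf0451b41d7be5d61dd89361fb5d03
9e533c9f14375ca958fadc504b80dd89569a33b70275362bb1b6b6f9f27d03b8
e13fe434eb19987ee1239caae2eca96df2cd2d78dec0f8d414e04b856bcf2b2e
e3483974d1eeb589c9757f438deb9ebff59f8817679609ca846450188f394dd1
f57fc4857a76fe66cb8eb0bbc9e88d9e70f9de2135d4802c7c18f89bd92060a9
f9f18153cabf61699d838407dddd4e937bb2efeb 9421a0648077bf1dfe364715eb3b865219420eba
555be80df104c946faba707a0106f5db56f89ed3 6e89857039ed3ae06144407b68c83c1926aebc95
ef0690b07894ee0b6ac045a67f2c0852f3d858d0 3869b5c863cfc93b7b733364e98d3e51b05500a4
30c889477ee6ff8c3cf4a6b8bc6590f9ab51801b 938b9813b35a709d29870684eab2ffd89da07d9a
ded014b455097f56976f6bb921c5b5b7e4bcb554 34a2a5ac1f655ab2835d94bb056d96ccb7608659
"""


def parse_hash_list(text: str) -> Dict[str, Set[str]]:
    """Bucket hex digests by algorithm: 32 hex chars = MD5, 40 = SHA-1, 64 = SHA-256.
    Bullets, commas and anything that is not a hex string of one of those lengths are
    dropped, so a list pasted from an advisory cannot silently poison the match sets."""
    by_len = {32: "md5", 40: "sha1", 64: "sha256"}
    buckets: Dict[str, Set[str]] = {"md5": set(), "sha1": set(), "sha256": set()}
    for token in text.split():
        token = token.strip("-,;").lower()
        algo = by_len.get(len(token))
        if algo and all(c in "0123456789abcdef" for c in token):
            buckets[algo].add(token)
    return buckets


IOCS = parse_hash_list(ADVISORY_HASHES)


def hash_stream(stream, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute all three digests in one pass so large files are read only once."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    return hash_stream(io.BytesIO(data))


def hash_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as f:
        return hash_stream(f)


def match_iocs(digests: Dict[str, str], iocs: Dict[str, Set[str]] = IOCS) -> List[str]:
    """Names of the algorithms under which a file's digest appears in the IOC sets."""
    return [algo for algo, value in digests.items() if value in iocs.get(algo, set())]


def scan_tree(root: str, iocs: Dict[str, Set[str]] = IOCS) -> List[Tuple[str, str, List[str]]]:
    """Walk `root` and return (path, sha256, matched_algorithms) for every IOC hit.
    Only regular files are hashed (lstat, so symlinks are not followed out of the tree,
    and devices/FIFOs that would block or error are skipped); unreadable files are
    skipped rather than aborting the whole scan."""
    hits: List[Tuple[str, str, List[str]]] = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                if not stat.S_ISREG(os.lstat(path).st_mode):
                    continue
                digests = hash_file(path)
            except OSError:
                continue
            matched = match_iocs(digests, iocs)
            if matched:
                hits.append((path, digests["sha256"], matched))
    return hits


def demo() -> Tuple[List, List]:
    """Constructed demonstration (hypothetical file names and contents, not malware):
    a clean scan against the advisory IOCs, then a scan where one file's SHA-256 has
    been injected into a copy of the IOC sets to show what a hit looks like."""
    with tempfile.TemporaryDirectory() as tmp:
        benign = os.path.join(tmp, "readme.txt")
        sample = os.path.join(tmp, "invoice.exe")
        with open(benign, "wb") as f:
            f.write(b"constructed benign content\n")
        with open(sample, "wb") as f:
            f.write(b"constructed sample standing in for a dropped binary\n")
        clean_run = scan_tree(tmp)  # advisory IOCs only: no hits expected
        extended = {k: set(v) for k, v in IOCS.items()}
        extended["sha256"].add(hash_file(sample)["sha256"])
        hit_run = scan_tree(tmp, extended)  # exactly one hit, on invoice.exe
    return clean_run, [(os.path.basename(p), algos) for p, _, algos in hit_run]


if __name__ == "__main__":
    import sys
    for path, sha256, algos in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"IOC HIT {path} sha256={sha256} matched={','.join(algos)}")
```

Run it as `python scan.py /path/to/scan` on a host you suspect; a hit on any one algorithm is enough to treat the file as a match, and the printed SHA-256 can be used to pivot to the other hash lists or to your sandbox. Hash matching only catches files identical to the listed samples, so a clean result does not clear a host; it narrows where to look.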