Rewterz Threat Advisory – Cyclops Blink – Active IOCs
February 24, 2022
Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs
February 24, 2022
Severity
High
Analysis Summary
In 2013, a research team extracted a set of advanced backdoors that used code obfuscation, TCP SYN packets, a self-destruct design, and system hiding.
Through further research, the researchers found that the multiple procedures and attack operation manuals disclosed by “The Shadow Broker” are completely consistent with the only identifier used in the NSA network attack platform operation manual exposed by CIA analyst Snowden in the “Prism” incident in 2013. – Researchers
The Shadow Brokers leak also revealed that the victims spanned 45 countries, including Pakistan, Italy, Japan, Russia and Spain, among others.
Impact
- Information Theft and Espionage
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 58b6696496450f254b1423ea018716dc
SHA-256
- 7989032a5a2baece889100c4cfeca81f1da1241ab47365dad89107e417ce7bac
SHA-1
- ad0197db424b35314a479552875e18893a4ba95a
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
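A minimal IOC sweep for the hashes listed above, written here as an added example (not Rewterz tooling): it reads each file under a root once, computes MD5, SHA-1 and SHA-256 together, and reports any file whose digest matches an advisory indicator. The temporary file created in demo_scan is constructed test data, not a sample from the advisory.

```python
import hashlib
import os
import tempfile

# Indicators from the advisory above (MD5, SHA-1 and SHA-256 of the sample).
IOC_HASHES = {
    "md5": {"58b6696496450f254b1423ea018716dc"},
    "sha1": {"ad0197db424b35314a479552875e18893a4ba95a"},
    "sha256": {"7989032a5a2baece889100c4cfeca81f1da1241ab47365dad89107e417ce7bac"},
}


def hash_file(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of one file in a single pass over its bytes."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_digests(digests):
    """Return the (algorithm, hash) pairs from digests that appear in the IOC set."""
    return [(name, value) for name, value in digests.items()
            if value in IOC_HASHES.get(name, set())]


def scan_tree(root):
    """Walk a directory tree and return [(path, algorithm, hash)] for every IOC hit.
    Files that cannot be read are skipped so one bad entry does not abort the sweep."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue
            for algo, value in match_digests(digests):
                hits.append((path, algo, value))
    return hits


def demo_scan():
    """Constructed demo: hash and sweep a benign temp file ("abc"); expect no hits."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "benign.bin")
        with open(path, "wb") as fh:
            fh.write(b"abc")
        return hash_file(path), scan_tree(tmp)


if __name__ == "__main__":
    print(demo_scan())
```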