September 27, 2021
Severity
Medium
Analysis Summary
Cobalt Strike is a commercial penetration testing product that lets an operator deploy an agent named ‘Beacon’ on the victim machine. Beacon offers the operator a wealth of functionality, including, but not limited to, command execution, keylogging, file transfer, SOCKS proxying, privilege escalation, Mimikatz, port scanning, and lateral movement. Beacon is in-memory/file-less: it consists of stageless or multi-stage shellcode that, once loaded by exploiting a vulnerability or by executing a shellcode loader, reflectively loads itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS and SMB named pipes as well as forward and reverse TCP, and Beacons can be daisy-chained. Cobalt Strike ships with a toolkit for developing shellcode loaders, called Artifact Kit.
Impact
- Data Exfiltration
- Information Theft
Indicators of Compromise
MD5
- 1031a6376f372fdb60564050796eb393
- 8e37795097400f6a609525749d154cd0
SHA-256
- f42a8f8f1c3728d01ae98d35c3ff93190c1384542cfc22919b851412febc16ad
- 6402b33d729c8bb44881747a8f397f4aec408bf5e18b9af6fd86cdfa3f96323b
SHA-1
- ba7f574841d76cab97f7115b1cb1e3b3b8fc5135
- 8e1502c2aa56e6a8c7c1d2c75f3946332a5bb8c0
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
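The IOC search recommended above, written out as an added example (not Rewterz's tooling): it streams each file under a directory through MD5, SHA-1 and SHA-256 once and reports any file whose digest matches the hashes published in this alert. The directory path and the sample file in the self-check are assumptions; the hash values are the ones listed above.

```python
import hashlib
import os
import tempfile

# File hashes exactly as published in the alert above; every other value in this script is constructed.
IOC_HASHES = {
    "md5": {"1031a6376f372fdb60564050796eb393", "8e37795097400f6a609525749d154cd0"},
    "sha1": {"ba7f574841d76cab97f7115b1cb1e3b3b8fc5135", "8e1502c2aa56e6a8c7c1d2c75f3946332a5bb8c0"},
    "sha256": {"f42a8f8f1c3728d01ae98d35c3ff93190c1384542cfc22919b851412febc16ad",
               "6402b33d729c8bb44881747a8f397f4aec408bf5e18b9af6fd86cdfa3f96323b"},
}

def digests(data: bytes) -> dict:
    """Compute MD5, SHA-1 and SHA-256 of an in-memory blob."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}

def file_digests(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all three hashers so large files are read from disk only once."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def match_digests(found: dict) -> list:
    """Return the algorithm names whose digest appears in the published IOC set (case-insensitive)."""
    return [name for name, value in found.items() if value.lower() in IOC_HASHES[name]]

def scan_tree(root: str) -> list:
    """Walk a directory tree and return (path, matched_algorithms) for every file that hits an IOC."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                matched = match_digests(file_digests(path))
            except OSError:
                continue  # unreadable or vanished file: skip it rather than abort the whole scan
            if matched:
                hits.append((path, matched))
    return hits

if __name__ == "__main__":
    # Self-check on a constructed benign file: nothing should match the published hashes.
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "benign.txt"), "wb") as fh:
            fh.write(b"constructed sample, not malware")
        print(scan_tree(tmp))  # expected: []
```

Point `scan_tree` at a directory of interest (for example a user profile or a download folder); a non-empty result lists the matching path and which of the three hash types matched.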