Severity
Medium
Analysis Summary
Cyclops Blink is a malicious Linux ELF executable that security agencies have linked to a botnet used to target small offices. Small office and home office network devices have been targeted by this large-scale malware since 2019. Security researchers analysed two samples of the botnet, and their findings reveal how it works:
Cyclops Blink appears to have been professionally developed, given its modular design approach. A comparison of the core component functionality between the analysed samples indicates that they have most likely been developed from a common code base. – Security Researchers
The researchers have also attributed Cyclops Blink to Russian APT “Sandworm”.
Impact
- DDoS (Distributed Denial of Service)
- File Encryption
- System Infection
Indicators of Compromise
MD5
- 12053b6e329902d3a9723a88f3b99278
- aa35d45d0c7ad31d1bd5c54d31fd06ab
- d72901696ade1128e8ef42cf6a81e20d
- 1d7b16b333058a584f5152cfc965a2a6
- af22b6f54f03160ab2fbc8b5d92f8938
- 9b33ba6c689b63b24424f28fb629ab11
- d6a193f48b5acc02010962fdc737e4c3
- a4d01af3247a81607cf0ba898940b559
- 676fb7a6d88606d08e9668d667fe70f4
- 88d9382c5e787bcd5db46c50639c9304
SHA-256
- 1454338b1bbb692dadb90c758ba8789f56c48dd52f9f94b6dc6784f0944e20f9
- 145bf0e879d544a17364c53e1e695adab8e927fe196cc0d21ad14be3e2cb469f
- 36b3a9dcb283fb0f9fd45f4a371006228d206ec0bdd9e3392eb2d07e72f8d7b0
- 3830213049d64b09f637563faa470b0f2edd0034aa9e92f7908374bd1d6df116
- 4ec5e0c5dccc5891d39ea76e3c3d3e26d8830d7aa4d63db6084dbfbec6f0d211
- 6f4ee4e05483ca3db54040506ac21a2b49d2bd12379cafad54764907be228556
- 82c3f5092d45ce0e19ac42adaf6632b954b8e78d399f673724956a89c1826d7b
- 88e568afd69fbc944a8d8268e41f2f6100e8bb007083175884ea4149033f4fcf
- cc3d51578a9dcc7e955061881490e54883904956f5ca5ee2918cd3b249415e59
- d186f553ad6b38951fdebabfe7ecb4ca6d86ac702a9e8c90a338ad668afdf490
SHA-1
- bebde70501d4ac04a1c6cfdee5f4e0a5133ba670
- a8d58a420672426ac66995ff20388ee87c3c6de0
- 2dde17cb2fea6152176bb845687286805102c108
- e0ed664561f075d0fb56b4c2b7cfcc6675f264e8
- b398ad9dc1890086de7bfa650cbecfe7f5e24c7e
- f5bae673dc6dcb65a2f0140c046380ec270730b4
- 20595eb572d7d96e72bd80b2c01d00aa0ef3bb0d
- d116882777fd022885f34bbb95346bb21ad2aea0
- 844deac5fa30ae8aa85879b0512ba052121e6de9
- cb6cbbac988e6f60c9a194f98ef5d25ee13fc60b
Remediation
- Search for IOCs in your environment.
- Block all threat indicators at your respective controls.
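The remediation steps above ask you to search your environment for the listed hashes. The script below is an added example, not part of the Rewterz advisory: it loads the MD5, SHA-1 and SHA-256 indicators from this page, hashes every regular file under a directory in a single pass, reports any file whose digest matches, and notes whether the matching file carries the ELF magic bytes (the advisory describes Cyclops Blink as a Linux ELF executable). Matching is case-insensitive so hashes copied from other reports in uppercase still hit. The `demo()` function creates a throwaway directory containing a constructed benign file, so the script can be exercised offline; the directory name and file content are assumptions made for that test only.

```python
import hashlib
import os
import tempfile

# Hash IOCs copied from the advisory's Indicators of Compromise section.
# Several digests per line; split() turns each string into a set of lowercase hex strings.
IOC_MD5 = set("""
12053b6e329902d3a9723a88f3b99278 aa35d45d0c7ad31d1bd5c54d31fd06ab d72901696ade1128e8ef42cf6a81e20d
1d7b16b333058a584f5152cfc965a2a6 af22b6f54f03160ab2fbc8b5d92f8938 9b33ba6c689b63b24424f28fb629ab11
d6a193f48b5acc02010962fdc737e4c3 a4d01af3247a81607cf0ba898940b559 676fb7a6d88606d08e9668d667fe70f4
88d9382c5e787bcd5db46c50639c9304
""".split())
IOC_SHA1 = set("""
bebde70501d4ac04a1c6cfdee5f4e0a5133ba670 a8d58a420672426ac66995ff20388ee87c3c6de0
2dde17cb2fea6152176bb845687286805102c108 e0ed664561f075d0fb56b4c2b7cfcc6675f264e8
b398ad9dc1890086de7bfa650cbecfe7f5e24c7e f5bae673dc6dcb65a2f0140c046380ec270730b4
20595eb572d7d96e72bd80b2c01d00aa0ef3bb0d d116882777fd022885f34bbb95346bb21ad2aea0
844deac5fa30ae8aa85879b0512ba052121e6de9 cb6cbbac988e6f60c9a194f98ef5d25ee13fc60b
""".split())
IOC_SHA256 = set("""
1454338b1bbb692dadb90c758ba8789f56c48dd52f9f94b6dc6784f0944e20f9
145bf0e879d544a17364c53e1e695adab8e927fe196cc0d21ad14be3e2cb469f
36b3a9dcb283fb0f9fd45f4a371006228d206ec0bdd9e3392eb2d07e72f8d7b0
3830213049d64b09f637563faa470b0f2edd0034aa9e92f7908374bd1d6df116
4ec5e0c5dccc5891d39ea76e3c3d3e26d8830d7aa4d63db6084dbfbec6f0d211
6f4ee4e05483ca3db54040506ac21a2b49d2bd12379cafad54764907be228556
82c3f5092d45ce0e19ac42adaf6632b954b8e78d399f673724956a89c1826d7b
88e568afd69fbc944a8d8268e41f2f6100e8bb007083175884ea4149033f4fcf
cc3d51578a9dcc7e955061881490e54883904956f5ca5ee2918cd3b249415e59
d186f553ad6b38951fdebabfe7ecb4ca6d86ac702a9e8c90a338ad668afdf490
""".split())

ELF_MAGIC = b"\x7fELF"  # first four bytes of every ELF file


def hash_file(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of a file in one pass, reading in chunks."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def is_elf(path):
    """True if the file starts with the ELF magic bytes."""
    with open(path, "rb") as fh:
        return fh.read(4) == ELF_MAGIC


def match_hashes(digests):
    """Return [(algorithm, digest)] for every digest present in the IOC sets.
    Lookup is case-insensitive; unknown or empty algorithms are ignored."""
    hits = []
    for algo, ioc_set in (("md5", IOC_MD5), ("sha1", IOC_SHA1), ("sha256", IOC_SHA256)):
        digest = str(digests.get(algo, "")).lower()
        if digest and digest in ioc_set:
            hits.append((algo, digest))
    return hits


def scan_directory(root):
    """Walk root, hash every regular (non-symlink) file and return
    [(path, is_elf, hits)] for files matching an IOC. Unreadable files are skipped."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                hits = match_hashes(hash_file(path))
                if hits:
                    findings.append((path, is_elf(path), hits))
            except OSError:  # permission denied, file vanished mid-walk, etc.
                continue
    return findings


def demo():
    """Build a throwaway directory holding one constructed benign file (not malware),
    scan it, and return (digests of that file, findings). Used by the self-test."""
    tmp = tempfile.mkdtemp(prefix="ioc_scan_")  # assumed scratch location
    sample = os.path.join(tmp, "constructed_benign.bin")
    with open(sample, "wb") as fh:
        fh.write(b"constructed sample content - not a Cyclops Blink binary\n")
    return hash_file(sample), scan_directory(tmp)


if __name__ == "__main__":
    import sys
    for path, elf, hits in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"IOC MATCH {path} elf={elf} {hits}")
```

Run it as `python ioc_scan.py /path/to/check`; on a device suspected of infection, prefer scanning a mounted image of its filesystem from a clean host rather than running the scanner on the device itself. Hash matching only finds the exact samples listed here, so treat a clean result as "these samples are absent", not as proof the device is uncompromised.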