Rewterz Threat Alert – Nanocore Rat – Active IOCs

March 18, 2022

Rewterz Threat Advisory – Multiple Adobe Acrobat Reader DC Vulnerabilities

March 21, 2022

Rewterz Threat Alert – Cyclops Blink – Active IOCs

March 18, 2022

Severity

Medium

Analysis Summary

Cyclops Blink is an infectious Linux ELF executable. The executable has been associated by security agencies with a botnet that is used to target small offices. Office and home network devices have been targeted by this large-scale malware since 2019. Two samples of the botnet have been analyzed by security researchers and their information has revealed how it works:

Cyclops Blink appears to have been professionally developed, given its modular design approach. A comparison of the core component functionality between the analysed samples indicates that they have most likely been developed from a common code base. – Security Researchers

The researchers have also attributed Cyclops Blink to Russian APT “Sandworm”.

Impact

DDoS (Distributed Denial of Service)
File Encryption
System Infection

Indicators of Compromise

MD5

12053b6e329902d3a9723a88f3b99278
aa35d45d0c7ad31d1bd5c54d31fd06ab
d72901696ade1128e8ef42cf6a81e20d
1d7b16b333058a584f5152cfc965a2a6
af22b6f54f03160ab2fbc8b5d92f8938
9b33ba6c689b63b24424f28fb629ab11
d6a193f48b5acc02010962fdc737e4c3
a4d01af3247a81607cf0ba898940b559
676fb7a6d88606d08e9668d667fe70f4
88d9382c5e787bcd5db46c50639c9304

SHA-256

1454338b1bbb692dadb90c758ba8789f56c48dd52f9f94b6dc6784f0944e20f9
145bf0e879d544a17364c53e1e695adab8e927fe196cc0d21ad14be3e2cb469f
36b3a9dcb283fb0f9fd45f4a371006228d206ec0bdd9e3392eb2d07e72f8d7b0
3830213049d64b09f637563faa470b0f2edd0034aa9e92f7908374bd1d6df116
4ec5e0c5dccc5891d39ea76e3c3d3e26d8830d7aa4d63db6084dbfbec6f0d211
6f4ee4e05483ca3db54040506ac21a2b49d2bd12379cafad54764907be228556
82c3f5092d45ce0e19ac42adaf6632b954b8e78d399f673724956a89c1826d7b
88e568afd69fbc944a8d8268e41f2f6100e8bb007083175884ea4149033f4fcf
cc3d51578a9dcc7e955061881490e54883904956f5ca5ee2918cd3b249415e59
d186f553ad6b38951fdebabfe7ecb4ca6d86ac702a9e8c90a338ad668afdf490

SHA-1

bebde70501d4ac04a1c6cfdee5f4e0a5133ba670
a8d58a420672426ac66995ff20388ee87c3c6de0
2dde17cb2fea6152176bb845687286805102c108
e0ed664561f075d0fb56b4c2b7cfcc6675f264e8
b398ad9dc1890086de7bfa650cbecfe7f5e24c7e
f5bae673dc6dcb65a2f0140c046380ec270730b4
20595eb572d7d96e72bd80b2c01d00aa0ef3bb0d
d116882777fd022885f34bbb95346bb21ad2aea0
844deac5fa30ae8aa85879b0512ba052121e6de9
cb6cbbac988e6f60c9a194f98ef5d25ee13fc60b

Remediation

Search for IOCs in your environment.
Block all threat indicators at your respective controls.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

CVE-2024-32638 – Apache APISIX Vulnerability

Multiple SAP Products Vulnerabilities

Multiple IBM Products Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us