Rewterz Threat Alert – Cyclops Blink Disrupted by Intelligence Agencies – Active IOCs

April 7, 2022

Severity

High

Analysis Summary

Cyclops Blink is a malicious Linux ELF executable. Security agencies have associated it with a botnet that targets small office and home office network devices, and this large-scale malware has been active since at least 2019. Security researchers have analysed two samples of the malware, and their findings reveal how it works:

Cyclops Blink appears to have been professionally developed, given its modular design approach. A comparison of the core component functionality between the analysed samples indicates that they have most likely been developed from a common code base. The researchers have also attributed Cyclops Blink to Russian APT “Sandworm”.

The U.S. Department of Justice has announced a court-authorized operation that disrupted a two-tiered global botnet of thousands of infected network hardware devices under the control of the threat actor known to security researchers as Sandworm, the group behind Cyclops Blink.

“This court-authorized removal of malware deployed by the Russian GRU demonstrates the department’s commitment to disrupt nation-state hacking using all of the legal tools at our disposal,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “By working closely with WatchGuard and other government agencies in this country and the United Kingdom to analyze the malware and to develop detection and remediation tools, we are together showing the strength that public-private partnership brings to our country’s cybersecurity. The department remains committed to confronting and disrupting nation-state hacking, in whatever form it takes.”

Impact

  • DDoS (Distributed Denial of Service)
  • File Encryption
  • System Infection

Indicators of Compromise

IP

  • 1[.]9[.]85[.]247
  • 1[.]9[.]85[.]248
  • 1[.]9[.]85[.]249
  • 1[.]9[.]85[.]252
  • 1[.]9[.]85[.]253
  • 1[.]9[.]85[.]254
  • 50[.]192[.]49[.]210
  • 50[.]196[.]104[.]201
  • 50[.]243[.]3[.]153
  • 50[.]243[.]3[.]154
  • 50[.]243[.]3[.]155
  • 50[.]243[.]3[.]157
  • 72[.]68[.]69[.]63
  • 79[.]11[.]46[.]30
  • 96[.]80[.]68[.]194
  • 96[.]80[.]68[.]195
  • 96[.]80[.]68[.]196
  • 96[.]80[.]68[.]197
  • 102[.]50[.]244[.]205
  • 148[.]76[.]89[.]2
  • 148[.]76[.]89[.]3
  • 148[.]76[.]89[.]4
  • 148[.]76[.]89[.]5
  • 151[.]0[.]185[.]146
  • 151[.]0[.]185[.]149
  • 162[.]17[.]254[.]17
  • 182[.]73[.]50[.]114
  • 182[.]73[.]50[.]115
  • 185[.]198[.]198[.]254
  • 212[.]103[.]208[.]182
  • 216[.]211[.]37[.]59

Remediation

  • Search for the IOCs listed above in your environment, including firewall, proxy, DNS and NetFlow logs; treat any internal host seen communicating with these addresses as a candidate for isolation and forensic review.
  • Block all threat indicators at your respective controls (perimeter firewall, proxy and DNS).
  • If you operate WatchGuard devices, apply the vendor's detection and remediation tools referenced in the Department of Justice statement above.
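As an added example (not part of the Rewterz advisory), the Python script below refangs the IP indicators listed above, validates them, and scans firewall log lines for exact matches, with guards against substring false positives such as 11.9.85.247 being reported as 1.9.85.247. The log lines are constructed for the demonstration and the netfilter-style syslog format is an assumption; adapt the matcher to whatever your own logs look like.

```python
import ipaddress
import re

# Indicators copied from the advisory above, still in the defanged form
# (1[.]2[.]3[.]4) in which threat-intel feeds usually publish them.
DEFANGED_IOCS = """
1[.]9[.]85[.]247 1[.]9[.]85[.]248 1[.]9[.]85[.]249 1[.]9[.]85[.]252 1[.]9[.]85[.]253 1[.]9[.]85[.]254
50[.]192[.]49[.]210 50[.]196[.]104[.]201 50[.]243[.]3[.]153 50[.]243[.]3[.]154 50[.]243[.]3[.]155
50[.]243[.]3[.]157 72[.]68[.]69[.]63 79[.]11[.]46[.]30 96[.]80[.]68[.]194 96[.]80[.]68[.]195
96[.]80[.]68[.]196 96[.]80[.]68[.]197 102[.]50[.]244[.]205 148[.]76[.]89[.]2 148[.]76[.]89[.]3
148[.]76[.]89[.]4 148[.]76[.]89[.]5 151[.]0[.]185[.]146 151[.]0[.]185[.]149 162[.]17[.]254[.]17
182[.]73[.]50[.]114 182[.]73[.]50[.]115 185[.]198[.]198[.]254 212[.]103[.]208[.]182 216[.]211[.]37[.]59
""".split()


def refang(ioc: str) -> str:
    """Undo the usual defanging so the indicator can be compared with real log data."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")


def load_ip_iocs(defanged):
    """Refang every entry and validate it as an IP address.

    A malformed indicator raises ValueError instead of silently never matching,
    which is the failure mode you want from a detection list.
    """
    return frozenset(str(ipaddress.ip_address(refang(e))) for e in defanged)


CYCLOPS_BLINK_IPS = load_ip_iocs(DEFANGED_IOCS)

# Dotted-quad matcher with guards so that "11.9.85.247" or "1.9.85.247.1" is never
# mistaken for the indicator "1.9.85.247"; a sentence-ending "." is still tolerated.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}\b(?!\.\d)")


def scan_log_lines(lines, iocs):
    """Return one hit per (line, indicator) pair found in the given log lines."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for ip in IPV4_RE.findall(line):
            if ip in iocs:
                hits.append({"line": number, "ioc": ip, "text": line.rstrip()})
    return hits


def summarize(hits):
    """Count sightings per indicator, which is what goes into the ticket."""
    counts = {}
    for hit in hits:
        counts[hit["ioc"]] = counts.get(hit["ioc"], 0) + 1
    return counts


# Constructed netfilter-style firewall log lines for the demonstration (not real traffic).
SAMPLE_LOG = """\
Apr 07 10:12:01 fw1 kernel: ACCEPT IN=lan OUT=wan SRC=192.168.1.20 DST=1.9.85.247 PROTO=TCP DPT=443
Apr 07 10:12:05 fw1 kernel: ACCEPT IN=lan OUT=wan SRC=192.168.1.21 DST=93.184.216.34 PROTO=TCP DPT=80
Apr 07 10:13:11 fw1 kernel: DROP IN=wan SRC=212.103.208.182 DST=203.0.113.10 PROTO=TCP DPT=8080
Apr 07 10:14:02 fw1 kernel: ACCEPT IN=lan OUT=wan SRC=192.168.1.22 DST=11.9.85.247 PROTO=TCP DPT=443
Apr 07 10:15:40 fw1 kernel: ACCEPT IN=lan OUT=wan SRC=192.168.1.20 DST=1.9.85.247 PROTO=TCP DPT=443
"""

if __name__ == "__main__":
    found = scan_log_lines(SAMPLE_LOG.splitlines(), CYCLOPS_BLINK_IPS)
    for hit in found:
        print(f"line {hit['line']}: {hit['ioc']}  <- {hit['text']}")
    print("per-indicator counts:", summarize(found))
```

On the constructed input the scan reports lines 1, 3 and 5 and nothing for line 4, whose destination 11.9.85.247 is not an indicator. When the indicator appears in the DST field, the SRC address is the internal host that reached out to the botnet infrastructure and is the one to isolate; when it appears in SRC on an inbound DROP, the match is a scan or connection attempt that the firewall already stopped, which is worth recording but is not by itself evidence of compromise.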
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.