Rewterz Threat Alert – Dragonfly Targets ICS Systems Using Man on the Side Attacks

July 25, 2019

Severity

High

Analysis Summary

Since at least 2010, the IRON LIBERTY threat group (also known as TG-4192, Energetic Bear, Dragonfly, and Crouching Yeti) has targeted the energy sector, with a particular focus on industrial control systems (ICS). Following public disclosures in 2014, the group, which is likely directed by the Russian government, became less visibly active, but by 2016 it had resumed operations using a mix of new and old tools and techniques.

Impact

Credential theft

Indicators of Compromise

Malware Hash (MD5/SHA1/SHA256)

MD5

  • 195ec5fb2d5ccd344b655a955f20db81
  • 20ec7658254eddd917e1b351e1728534
  • 2618ab729dea68dfbcb11dce2e66c8c2
  • 2dbdeef42699730635abdc657775e4af
  • 336b6f0108a23b95f3141afc787a31dd
  • 418e58b78731546089eb1b7fa6e1d99f
  • 4ad06a76e1ad423b13e03587a887ede0
  • 581fccf4766b23fbff924ce932b7d717
  • 6449cff2a0497cae0c3fb780da287e2c
  • 6851cbfa790eb56b68942ee86a045c36
  • 6cd47d4c2fd8997683baa1f278d2dd94
  • 874295e9512c668a7df493c8975c081b
  • 8aeacf3fde1b49940fb4d08226dccbc4
  • 8b8b33a14f7be027fdb1aec1555fa8a8
  • 990e2e3ab8e2c8126214e667b0dc282f
  • ade68f4e5b03c6cf86b851613dbc3629
  • fca1fa07afa1b3ff9f67f2a377de51ae
  • fd6145bbc722ef52eed6b94dd520170c
  • fff6dc1216fe549fa1d700f1ccfcd754

SHA1

  • 18a4ab7f7783c06d6fd782908f8495e7c1ea15fa
  • 2a876d27689a4947e01c785b42c45c09788ee4d4
  • 3019f121e6cc3a955c1a8005fd78328ab7c1d479
  • 3a7927fa71d43e3856761f2bf7d5441e6b310e30
  • 425346c68fa8e113c4e243d1193c050548839c86
  • 4af90d010586d7153345dc563722cdb12fd607e1
  • 4ff23bc0b3a0fc08ac9f6bd7bbff73a15dc00d8e
  • 53a4eae9858f4876fde02f7666ef6e0f69e8f70b
  • 644ccf37af908d79da496c06b85b9060550149d9
  • 79c110e585934cd3756a5a7a259329eac4c6550c
  • 7f3511b7e6cad7274c2450afd88544910c0ae33b
  • 8c5e6df90795fbbb3f6396abfe05887d4ad82982
  • 94a1ec29f5d55edc67eee98ea086e4dbc98e5a56
  • 95ba7f7b073bbf60f85d4c7b1bd76adfec8299aa
  • ca2776624f2e0c1b1b478c77f63cf5ed1075b62a
  • da6f24b1bf61ad233ac9bf6709951db57c59ad2e
  • da97e4cda8eeef12c6540c6b060451a1369b7638
  • f65425f95d84bd7efc71e402f40e59542bdd83db

SHA256

  • 00a1b9fd9af9c5e366ef19908f028e9cca0462ec16adab9763e8c8b017b0f6bc
  • 172be9ebd26946bdfe19150e304c8abd59d43a7bf92afa270f028c9a4a29fd99
  • 1fd5b0b1a218b65443d7088e47dd79018bf46935375b061f5f78fbe1cadb50dc
  • 20d20c9dda1f922786f95132eb64753b38f7db695d29a7b9993b880e44043b59
  • 47a3f4fbe7984e3ae3d2088e2898bea371a0aeaee8fca6a6b6d59d6e938393fa
  • 4877050e41f269bab1013649f747f1bd2a1f53e07825c21778f4b1a9a882c7bb
  • 5179d5874383b3c6a45350f77e86098ae7be606df490afbd57d98bed8e3bc2cd
  • 656fe7c362b7421d5e94ab186e0beca01c00b55eecefa25270805fca6ad96d9a
  • 7aa8cd8a2669537631b8ac7b892f51d4c74056c1369007c474277ebdf82fb74e
  • 7b2c9bb78867319e8d907c48eb24e51dffc6a81edf5166dc4409ed07227402f3
  • 8aaa1b931610122a1908d9bfe1806881b430b57462a2147d403bb495183bd592
  • 9a1a196f6f5afa19643856cf8545b3401fc2dae8f79ec08a32456b3e9f8bbdbd
  • 9d994710941540fe6bdf43196679b6a667f6370f1aa9b538836a509f4e4c42c4
  • a35ace92645e8a62536031784f60679200252a2a4ec1dc287f93797be34dfed2
  • adf809c93f6bc1f758e7e3a4aeeb39d00e34e762ac4ff48dce59de5efb0f80fd
  • c605a771730cc618f2f85a8bee9d9cbdabc6f5f47d803976b4923f64f9aea282
  • de0d3aaee6254074222d9bdf35fa67218d9738f05e1dfb75173cf982c03a0811
  • e644771565fb2144d018e8ce89fa116fc7e564007f941ce712fa5f929b86e338

Remediation

  • Block all of the threat indicators listed above at your respective security controls (endpoint protection, email and web gateways, and file-scanning tools).
  • Treat emails from unknown senders with suspicion.
  • Never open links or attachments sent by unknown senders.
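To act on the indicator list above in practice (the first remediation point), the following added example, which is not Rewterz's code, parses a mixed MD5/SHA1/SHA256 hash list such as the one in this alert, normalizes and deduplicates it, hashes every file under a directory once with all three algorithms, and reports matches. The IOC_TEXT excerpt copies three hashes from the list above and adds an upper-case duplicate of one MD5 to show the normalization; the scanned files are constructed scratch files, not real Dragonfly samples.

```python
"""Hunt for an advisory's file hashes on a host.

Added example (not Rewterz's code). IOC_TEXT is a constructed excerpt:
three entries are copied from the advisory's list and one is an upper-case
duplicate added to exercise normalization. The files scanned are temporary
stand-ins created below, not real malware samples.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed excerpt of the advisory's mixed MD5 / SHA1 / SHA256 list.
IOC_TEXT = """
00a1b9fd9af9c5e366ef19908f028e9cca0462ec16adab9763e8c8b017b0f6bc
18a4ab7f7783c06d6fd782908f8495e7c1ea15fa
195ec5fb2d5ccd344b655a955f20db81
FD6145BBC722EF52EED6B94DD520170C
fd6145bbc722ef52eed6b94dd520170c
"""

# The advisory does not label entries; hex digest length identifies the algorithm.
ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def parse_iocs(text):
    """Return {algo: set(lowercase hex)} from a newline-separated hash list.

    Normalizes case, drops blank lines, bullets and duplicates, and rejects any
    token that is not a hex string of a known digest length, so a stray token
    cannot silently become an indicator that never matches.
    """
    iocs = {"md5": set(), "sha1": set(), "sha256": set()}
    for line in text.splitlines():
        token = line.strip().lstrip("•").strip().lower()
        if not token:
            continue
        algo = ALGO_BY_LEN.get(len(token))
        if algo is None or any(c not in "0123456789abcdef" for c in token):
            raise ValueError(f"not a recognised hash: {token!r}")
        iocs[algo].add(token)
    return iocs


def hash_file(path, chunk_size=1 << 20):
    """Compute md5, sha1 and sha256 of a file in a single pass over its bytes."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}


def scan(root, iocs):
    """Walk `root`; return [(path, algo, hexdigest)] for files matching any IOC."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                found = hash_file(path)
            except OSError:
                continue  # unreadable (permissions, vanished mid-scan); keep going
            for algo, hexdigest in found.items():
                if hexdigest in iocs[algo]:
                    hits.append((str(path), algo, hexdigest))
    return hits


def demo():
    """Build a scratch directory with one 'malicious' stand-in file and hunt it."""
    iocs = parse_iocs(IOC_TEXT)
    with tempfile.TemporaryDirectory() as tmp:
        benign = Path(tmp) / "readme.txt"
        benign.write_bytes(b"nothing to see here\n")
        sample = Path(tmp) / "dropper.bin"
        sample.write_bytes(b"constructed stand-in for a Dragonfly sample\n")
        # Add the stand-in's SHA256 to the IOC set so the hunt has something to find.
        iocs["sha256"].add(hash_file(sample)["sha256"])
        hits = scan(tmp, iocs)
    return iocs, hits


if __name__ == "__main__":
    iocs, hits = demo()
    for algo, hashes in iocs.items():
        print(f"{algo}: {len(hashes)} indicator(s)")
    for path, algo, h in hits:
        print(f"HIT {algo} {h} {path}")
```

Hashing each file once with all three algorithms matters because the published list mixes digest types: a scanner that only computes SHA256 would never match the MD5 and SHA1 entries. For a real hunt, point `scan()` at user-writable and temporary directories first, and feed `parse_iocs()` the full list from the alert.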

COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.