Rewterz Threat Advisory – ICS: Advantech WebAccess BwFLApp Stack-based Buffer Overflow Remote Code Execution
September 8, 2021
Rewterz Threat Advisory – Multiple Apache Dubbo Vulnerabilities
September 8, 2021
Severity
High
Analysis Summary
The European group Fin7 has been active since 2015 and continuously targets various industries around the world, especially United States (US)-based companies. It is one of the most notorious cybercrime groups and has been credited with the theft of over 15 million payment card records, costing organizations around the world approximately one billion US dollars (USD) in losses. Fin7 compromised networks in 47 states and the District of Columbia, stealing complete financial information such as debit card data; the group can also steal victims' sensitive information and sell it in underground markets. Fin7 is also referred to as Carbanak, Gold Niagara, and Calcium.
Impact
- Information Theft and Espionage
- Credential Theft
- Exposure of Sensitive Data
- Unauthorized Access
Indicators of Compromise
File Name
- Users-Progress-072021-1[.]lnk
IP
- 85[.]14[.]253[.]178
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.