Rewterz Threat Advisory – ICS: Advantech ADAM-3600 Vulnerability
February 2, 2022
Rewterz Threat Alert – MuddyWater Targeting Turkish Organizations – Active IOCs
February 2, 2022
Severity
High
Analysis Summary
Gamaredon, the Russia-backed advanced persistent threat (APT) actor active since at least 2013, has stepped up its cyber warfare activity with a new surge of attacks targeting users through template injection in malicious documents. The attackers' goal is to gain control of the target system via the malicious document. The lure document uses the template injection technique to install additional malware on the victim's machine: when opened, it connects back to the attacker's server to download the payload file.
Impact
- Template Injection
- Exposure of Sensitive Data
Indicators of Compromise
Domain Name
- surname192[.]temp[.]swtest[.]ru
Filename
- Щодо заходження суден під державним прапором в порти АР Крим на 27[.]01[.]2022[.]docx
- Щодо заходження суден під іноземним прапором в порти АР Крим на 27[.]01[.]2022[.]docx
MD5
- 178b0739ac2668910277cbf13f6386e8
- fd4de6bb19fac13487ea72d938999fbd
SHA-256
- a82cb2076b7274179d5f7246f8db274eda47a89392875b3c700f2fa15d70ab2e
- 839170c51d75bd1dc77f17b957846ace0caa19a83de837277d7294a47e5023b3
SHA-1
- 374c9059fce14f0d61945ecb7d9a96d6ef0ea31b
- 833d60a91f1726411898ecb4af0352cf47d24712
URL
- http[:]//surname192[.]temp[.]swtest[.]ru/prapor/su/derg[.]gif
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.
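The remediation step above is a hash and domain search; the Analysis Summary describes a document that fetches its payload through a remote template, which is a structural property a scanner can also check. The script below is an added example, not Rewterz's own tooling: it combines both approaches for .docx files, matching the SHA-256 and domain indicators from this advisory (kept defanged, refanged at runtime) and inspecting every OPC `.rels` part for relationships marked `TargetMode="External"`, in particular the `attachedTemplate` relationship Word resolves at open time. The sample documents it builds are constructed in memory; the template URL `http://template.example.invalid/remote.dotm` is a placeholder, not an indicator from the page.

```python
"""Scan .docx files for remote-template relationships and known IOCs.

Added example; not part of the Rewterz advisory. Standard library only.
"""
import hashlib
import io
import xml.etree.ElementTree as ET
import zipfile
from urllib.parse import urlparse

# Indicators taken from the advisory above; domains stay defanged until matching.
ADVISORY_SHA256 = {
    "a82cb2076b7274179d5f7246f8db274eda47a89392875b3c700f2fa15d70ab2e",
    "839170c51d75bd1dc77f17b957846ace0caa19a83de837277d7294a47e5023b3",
}
ADVISORY_DOMAINS = {"surname192[.]temp[.]swtest[.]ru"}

# OPC relationship namespace and the type Word uses for an attached template.
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")


def refang(indicator):
    """Turn a defanged indicator (x[.]y, http[:]//) back into its literal form."""
    return indicator.replace("[.]", ".").replace("[:]", ":")


def external_relationships(docx_bytes):
    """Yield (rels_part, rel_type, target) for every TargetMode="External" relationship.

    Word resolves these when the file is opened, so an external attachedTemplate
    target is the hallmark of template injection: the .docx itself carries no
    macro, the template fetched from the network does.
    """
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("TargetMode") == "External":
                    yield name, rel.get("Type", ""), rel.get("Target", "")


def scan_docx(docx_bytes):
    """Return a verdict dict combining IOC matching and structural inspection."""
    sha256 = hashlib.sha256(docx_bytes).hexdigest()
    externals = list(external_relationships(docx_bytes))
    remote_templates = [t for _, typ, t in externals if typ == ATTACHED_TEMPLATE]
    hosts = {urlparse(t).hostname for _, _, t in externals if urlparse(t).hostname}
    known_hosts = {refang(d) for d in ADVISORY_DOMAINS}
    hash_match = sha256 in ADVISORY_SHA256
    domain_match = bool(hosts & known_hosts)
    return {
        "sha256": sha256,
        "hash_match": hash_match,
        "external_targets": [t for _, _, t in externals],
        "remote_template": bool(remote_templates),
        "domain_match": domain_match,
        "suspicious": hash_match or bool(remote_templates) or domain_match,
    }


def make_sample_docx(template_url=None):
    """Build a minimal constructed .docx in memory (placeholder content only).

    With template_url set, word/_rels/settings.xml.rels carries an external
    attachedTemplate relationship, the structure the advisory's lures rely on.
    """
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/></Types>')
    document = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        '<w:body><w:p><w:r><w:t>constructed sample</w:t></w:r></w:p></w:body></w:document>')
    settings = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
        '<w:attachedTemplate r:id="rId1"/></w:settings>')
    settings_rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<Relationships xmlns="{RELS_NS}"><Relationship Id="rId1" '
        f'Type="{ATTACHED_TEMPLATE}" Target="{template_url}" TargetMode="External"/>'
        '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", document)
        zf.writestr("word/settings.xml", settings)
        if template_url:  # only the lure variant carries the external relationship
            zf.writestr("word/_rels/settings.xml.rels", settings_rels)
    return buf.getvalue()


if __name__ == "__main__":
    clean = scan_docx(make_sample_docx())
    lure = scan_docx(make_sample_docx("http://template.example.invalid/remote.dotm"))
    print("clean:", clean["suspicious"], clean["external_targets"])
    print("lure: ", lure["suspicious"], lure["external_targets"])
```

Hash matching only catches the two samples listed above; the structural check also flags re-built lures whose hashes differ, so in a mail gateway or EDR hunt the `remote_template` field is the more durable signal. Run `scan_docx` over the bytes of any attachment; `hash_match`, `domain_match` and `remote_template` say which rule fired.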