June 10, 2021
Severity
High
Analysis Summary
Gamaredon, the Russia-backed advanced persistent threat (APT) group active since at least 2013, has stepped up its activity with a new wave of attacks that deliver malicious documents to targeted users by means of template injection. The attacker's aim is to gain control of the target system through the malicious document. Rather than carrying the payload itself, the lure document uses the remote template injection technique: when the victim opens it, Word follows the document's attached-template reference and connects back to the attacker's server to download the template (.dot) payload file, which is then used to install additional malware on the victim's machine.
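The mechanism described above can be checked for directly in inbound attachments. A .docx is a zip archive, and Word loads an attached template through a relationship of type attachedTemplate in word/_rels/settings.xml.rels; when that relationship is marked TargetMode="External" and points at a URL, Word fetches the template over the network on open. The following is an added example written for this page, not code from the alert or from Rewterz: it builds a minimal constructed .docx (not a real campaign sample), extracts any external attached-template targets, and matches them against the two remote-template URLs from the IOC list below with the defanging brackets removed. The document layout it generates is the minimum needed for the check, not a faithful copy of the campaign's lure files.

```python
"""Detect remote template injection in .docx files (added example).

A .docx is a zip. Word attaches a template through a relationship of type
'.../relationships/attachedTemplate' in word/_rels/settings.xml.rels. When that
relationship has TargetMode="External" and a network target, Word fetches the
template when the document is opened, which is the hook the lure documents in
this alert use to pull down their .dot payload.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
WORD_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
OFFICE_RELS_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"

# Remote-template URLs from this alert's IOC list, defanging brackets removed,
# lower-cased so matching is case-insensitive.
KNOWN_BAD_URLS = {u.lower() for u in (
    "http://kilogar.ru/GP/questionable/regain/integer.dot",
    "http://185.251.89.153/DESKTOP-ST7LSDE/gloves/claimed.dot",
)}
# A URL scheme or a UNC path: either means the template is fetched off-box.
NETWORK_TARGET = re.compile(r"^(https?|ftp)://|^\\\\", re.IGNORECASE)


def remote_templates(docx_bytes):
    """Return [(rels_part, target)] for every external attachedTemplate relationship."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        # settings.xml.rels is where Word keeps the attached template, but scan
        # every .rels part so a relationship placed elsewhere is not missed.
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("Type") != ATTACHED_TEMPLATE:
                    continue
                target = rel.get("Target", "")
                if rel.get("TargetMode") == "External" and NETWORK_TARGET.match(target):
                    hits.append((name, target))
    return hits


def triage(docx_bytes):
    """Any remote template is suspicious; a target on the alert's URL list is a known IOC."""
    targets = [t for _, t in remote_templates(docx_bytes)]
    known = [t for t in targets if t.lower() in KNOWN_BAD_URLS]
    if known:
        verdict = "malicious"
    elif targets:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "remote_templates": targets, "known_ioc_match": known}


def build_docx(template_url=None):
    """Constructed minimal .docx for testing; not a real sample from the campaign."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/document.xml",
                   f'<w:document xmlns:w="{WORD_NS}"><w:body/></w:document>')
        # settings.xml names the template only by relationship id; the URL lives
        # in the .rels part, which is why the detector parses .rels and not settings.xml.
        z.writestr("word/settings.xml",
                   f'<w:settings xmlns:w="{WORD_NS}" xmlns:r="{OFFICE_RELS_NS}">'
                   f'<w:attachedTemplate r:id="rId1"/></w:settings>')
        rels = f'<Relationships xmlns="{RELS_NS}">'
        if template_url:
            rels += (f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
                     f'Target="{template_url}" TargetMode="External"/>')
        rels += "</Relationships>"
        z.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    for url in (None, "https://intranet.example/templates/memo.dotx",
                "http://kilogar.ru/GP/questionable/regain/integer.dot"):
        print(url, "->", triage(build_docx(url)))
```

For a real file, pass the attachment's bytes to triage(); a "suspicious" verdict on mail from outside the organisation is worth quarantining even when the URL is not on this alert's list, since legitimate external templates in inbound mail are rare.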
Impact
- Template injection (remote template fetched and executed when the document is opened, leading to malware installation)
- Exposure of sensitive data
Indicators of Compromise
Filename
- ЛИст-резолюції за 25[.]05[.]2921(1)[.]docx
- по ковиду 21[.]05[.]docx
MD5
- 073022b3624f3fa24357036f0bcc05f1
- 224ef7b4ac7841d3e632df07d1cbea2b
SHA-256
- 40162ef9a1efdf57eafb60364c3121471eefd7d65eb2afeb190fcfa44c55a460
- d6f0800534cec3bd19d2ed74bac01dbbe16a52168c69005da5c1c0d9920be16c
SHA-1
- dfcc3bccaedc1bf7f40576c36f0344e5bee778a3
- 2f13bc3bf9aebee888a97859b8c334ed3dad68af
URL
- http[:]//kilogar[.]ru/GP/questionable/regain/integer[.]dot
- http[:]//185[.]251[.]89[.]153/DESKTOP-ST7LSDE/gloves/claimed[.]dot
Remediation
- Block the threat indicators at their respective controls: the domain, IP address and URLs at the proxy, firewall and email gateway, and the file hashes at the endpoint (EDR/AV).
- Search for the IOCs in your environment, including proxy and DNS logs for requests to the listed .dot URLs, mail logs for the listed attachment names, and endpoint telemetry for the listed hashes.
- Inspect inbound .docx attachments for an external attachedTemplate relationship in word/_rels/settings.xml.rels; a remote template in a document received from outside the organisation is rarely legitimate and is the hook this campaign relies on.