Rewterz Threat Advisory – CVE-2021-45046 – Apache Log4j Vulnerability
December 15, 2021Rewterz Threat Advisory – Multiple Adobe Premiere Rush Vulnerabilities
December 15, 2021Rewterz Threat Advisory – CVE-2021-45046 – Apache Log4j Vulnerability
December 15, 2021Rewterz Threat Advisory – Multiple Adobe Premiere Rush Vulnerabilities
December 15, 2021Severity
High
Analysis Summary
Researchers have identified attempts from threat actors attempting to exploit the Log4Shell vulnerability (CVE-2021-44228) to deliver the new Khonsari ransomware on Windows machines. The attackers exploited the Log4Shell remote code execution vulnerability to download a .NET binary from a remote server that encrypts the files on the target machine and adds the extension .khonsari to each file. The malware also drops a ransom note that requests the payment of the ransom in Bitcoin.
Impact
- File Encryption
Indicators of Compromise
Filename
- FecitAntiques[.]exe
MD5
- 6ac57a1e090e7abdb9b7212e058c43c6
SHA-256
- f2e3f685256e5f31b05fc9f9ca470f527d7fdae28fa3190c8eba179473e20789
SHA1
- 0a1e239348a73b1a95ac1767c8afebe4b98cdeff
Remediation
- Search for IOCs in your environment.
- Block all threat indicator at your respective controls.