

Rewterz Threat Advisory – Oracle Linux update for kernel-uek Multiple Vulnerabilities
April 15, 2019
Rewterz Threat Advisory – CVE-2019-0228 – Apache PDFBox XML External Entity Vulnerability
April 15, 2019
Severity
High
Analysis Summary
MuddyWater, a highly capable APT group active since 2017, has recently resumed operations and is targeting various organizations. Threat indicators are provided below.
Indicators of Compromise
IP(s) / Hostname(s)
googleads[.]hopto[.]org
orbe-fzc[.]com
URLs
http[:]//googleads[.]hopto[.]org/data/f06a3389ae431520[.]dat
http[:]//infosystema[.]kg/public/images/file_library/2-Merve_Cooperation_CV[.]doc
http[:]//orbe-fzc[.]com/
http[:]//orbe-fzc[.]com//list[.]doc
http[:]//orbe-fzc[.]com/Government-Form[.]doc
http[:]//orbe-fzc[.]com/letter-for-Kazakhstan[.]doc
http[:]//orbe-fzc[.]com/list[.]doc
Malware Hash (MD5/SHA1/SHA256)
Remediation
Block the threat indicators at their respective controls.
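Blocking "at the respective controls" means the hostnames go to DNS/proxy filtering and the full URLs to a URL filter. The following is an added example, not part of the Rewterz advisory: it refangs the advisory's hostname and URL indicators, splits them by control type, and checks constructed proxy log lines (sample data, not real traffic) against them.

```python
import re
from urllib.parse import urlparse

# Hostname and URL indicators as published in the advisory (defanged form).
ADVISORY_IOCS = [
    "googleads[.]hopto[.]org",
    "orbe-fzc[.]com",
    "http[:]//googleads[.]hopto[.]org/data/f06a3389ae431520[.]dat",
    "http[:]//infosystema[.]kg/public/images/file_library/2-Merve_Cooperation_CV[.]doc",
    "http[:]//orbe-fzc[.]com/Government-Form[.]doc",
    "http[:]//orbe-fzc[.]com/letter-for-Kazakhstan[.]doc",
    "http[:]//orbe-fzc[.]com/list[.]doc",
]

def refang(ioc: str) -> str:
    """Undo the [.] and [:] defanging so the value can be compared with live data."""
    return ioc.replace("[.]", ".").replace("[:]", ":")

def build_blocklist(iocs):
    """Split indicators into (hostnames, full URLs) for DNS/proxy vs. URL-filter controls."""
    hosts, urls = set(), set()
    for raw in iocs:
        value = refang(raw)
        if "://" in value:
            hosts.add((urlparse(value).hostname or "").lower())  # URL implies its host
            urls.add(value.rstrip("/"))  # normalise trailing slash
        else:
            hosts.add(value.lower())
    return hosts, urls

# Constructed sample proxy log lines (hypothetical format: time client method url status).
SAMPLE_LOG = """\
2019-04-15T10:02:11Z 10.0.0.21 GET http://orbe-fzc.com/list.doc 200
2019-04-15T10:03:45Z 10.0.0.22 GET http://example.org/index.html 200
2019-04-15T10:05:02Z 10.0.0.23 GET http://googleads.hopto.org/data/f06a3389ae431520.dat 200
2019-04-15T10:07:19Z 10.0.0.24 GET http://orbe-fzc.com/other.doc 404
"""
LOG_RE = re.compile(r"^(\S+) (\S+) (\w+) (\S+) (\d+)$")

def scan_log(log_text, iocs=ADVISORY_IOCS):
    """Return (client_ip, url, reason) for each line that hits a URL or hostname indicator."""
    hosts, urls = build_blocklist(iocs)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        _, client, _, url, _ = m.groups()
        host = (urlparse(url).hostname or "").lower()
        if url.rstrip("/") in urls:
            hits.append((client, url, "url"))
        elif host in hosts:  # same host, different path: still worth a look
            hits.append((client, url, "host"))
    return hits
```

The hostname match on the last sample line shows why host-level blocking is the broader control: a new document name on a known malicious host is still caught.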