Rewterz Threat Alert – Oski Data Stealer Malware – Active IOCs
June 23, 2021
Severity
High
Analysis Summary
The APT group MuddyWater has resurfaced. The group has primarily targeted Middle Eastern, European, and North American nations, with a focus on the telecommunications, government (IT services), and oil sectors. Most MuddyWater campaigns rely on socially engineering victims into enabling macros in order to infect the targeted workstation. Once macros are enabled, the threat actor's code attempts to retrieve a trojan hosted on an adversary-controlled payload command and control node.
Impact
- Credential theft
- Espionage
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.