Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 17, 2023Severity High Analysis Summary Chaos is a customizable ransomware builder that emerged on June 9 2021 (in underground forums) by falsely marketing itself as the .NET […]March 17, 2023Severity High Analysis Summary CVE-2023-26361 CVSS:4.9 Adobe ColdFusion could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially […]March 17, 2023Severity Medium Analysis Summary Ursnif banking trojan also known as Gozi and Dreambot has been around for more than 10 years. It gained popularity in 2015 […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 17, 2023Severity High Analysis Summary Chaos is a customizable ransomware builder that emerged on June 9 2021 (in underground forums) by falsely marketing itself as the .NET […]March 17, 2023Severity High Analysis Summary CVE-2023-26361 CVSS:4.9 Adobe ColdFusion could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially […]March 17, 2023Severity Medium Analysis Summary Ursnif banking trojan also known as Gozi and Dreambot has been around for more than 10 years. It gained popularity in 2015 […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – Multiple Microsoft Dynamics 365 Vulnerabilities
February 15, 2023Rewterz Threat Advisory – CVE-2023-20075 – Cisco Email Security Appliance Vulnerability
February 16, 2023
Severity
High
Analysis Summary
In April 2021, researchers identified a new advanced threat entity, Actor210426, which was later named MurenShark. MurenShark is an APT group active in the Middle East, primarily targeting Turkey. This group attacked the Turkish Navy project called “MÜREN” in 2022 and is believed to have shown interest in military projects. In addition to this, it has also been discovered that the group has targeted research institutes, universities and other sensitive targets. This group is known to have rich experience in counter-analysis, reverse traceability and other forms of cyber espionage. It has also been observed that this group has been known to use attack tools and methods to avoid easy detection. The group also uses compromised websites as its file server and command and control (C&C) server, employing split-functionality in order to conceal its activity and extend its reach. It is also believed to be using a known attack tool, called NiceRender, to phish victims.
MurenShark has been linked to various cyber espionage campaigns, including the theft of intellectual property and other sensitive data. The group is known for using a variety of sophisticated tactics, techniques, and procedures (TTPs) to evade detection and maintain persistence within target networks.
Impact
- Penetration Of Targeted Network
- Key Data Theft
- Intellectual Property Theft
Indicators of Compromise
MD5
- 059f01038dfc4c084cb3b9c847c8eab9
- 378ed43137e00a12c3cf013f98c3d653
SHA-256
- 4c04d38ded8afb34af4617b5ed73db263c64593525ea729423838f5b2e4bd975
- 505867bd9495f47db05a249280c1c6a5236ba4ffe305645f54db48527fcb74eb
SHA-1
- 6fd230bc18bd8a8f1c4847212050c56e668cdd66
- 454c3515ee0487c94b4bb4e9f6ebd7b8c2ef192d
Remediation
- Block all threat indicators at your respective controls.
- Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
- Maintain Offline Backups
- Emails from unknown senders should always be treated with caution.
- Never trust or open ” links and attachments received from unknown sources/sender
- Strengthen Endpoint security with antivirus software, firewalls, and other security tools that can help detect and prevent malware infections.
- Implement Access Control policies that restrict access to sensitive data and resources can help limit the damage of a potential breach.
- Assess the organization’s security posture that can help identify vulnerabilities and address them before they can be exploited by threat actors like MurenShark.