Severity
Medium
Analysis Summary
A malware implant called LastConn is being distributed by TA402, a threat actor also known as Molerats. The malware has targeted government institutions in the Middle East as well as government organizations worldwide that deal with the geopolitics of the region. TA402 is a Middle Eastern advanced persistent threat (APT) group that frequently targets entities in Israel and Palestine, in addition to other parts of the Middle East. In campaigns identified throughout 2021, TA402 used Middle Eastern geopolitical themes as lures, including the ongoing conflict in the Gaza Strip. The custom implant identified by Proofpoint lets the threat actor perform reconnaissance on the compromised host and exfiltrate data. TA402 uses several mechanisms to evade automated threat analysis: geofencing based on the victim's IP address, executing only on machines with an Arabic language pack installed, and delivering the malware inside password-protected archive files.
Impact
- Credential Theft
- Data Exfiltration
Indicators of Compromise
MD5
- a03f516285d496d7f15c2e992846d109
- d07654434d64b73fe8cb49cfb9b7e3fb
- 80ece9b10c07fef60a7bdffa292da7de
- 674bbb246435921097548e2c4b519354
SHA-256
- 6d65804ca8f71e21b18de08176a53d8f203bc23629dd822ef3c0da217f95f119
- f55e2050733576fa16452e2589a187f4bf202ca3b54b1497ba2c006e8d3bdd45
- 1cf18ce4becf2244fb715aa52eb4d56b569a95f2a1e7a835d217a20a2757a2d8
- 0db46fea5a0be8624069f978f115e4270833df29ed776c712182327a758fd639
- 0f36088ed9f5ffd4b42d35789113e99d8839edc52e554dbee0969bcad0200cfb
- cd60488acc0cc596c0de63eb0a7bca4ada4748fc4e76a86ca0fab42f15050347
SHA-1
- 58f97a1534d83bb1b51cd1e39252a0be809cbcf4
- 8fc864f028b59a3c4a34b013c119d79c5d72e24f
- c61e29aeb04bd6e4eb44b12bda49f5da9731d6e0
- 6c5a12188e6befa0cf52ed3c14b695f821fd24ce
Remediation
- Block all of the threat indicators listed above at your respective security controls (endpoint protection, mail gateway, proxy and firewall).
- Search for the IOCs in your environment, including endpoint file systems and mail quarantine, and investigate any host on which a match is found.
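The following script is an added example, not Rewterz tooling, of how the "search for IOCs in your environment" step can be carried out on a host: it hashes every file under a directory tree with MD5, SHA-1 and SHA-256 and reports any file whose digest appears in the advisory's indicator lists. The hash sets are copied from the Indicators of Compromise section above; the directory to scan is a command-line argument you supply.

```python
"""Scan a directory tree for files whose hashes match the LastConn IOCs
listed in this advisory. Added example; hash values come from the advisory."""
import hashlib
import os
import sys

# MD5, SHA-1 and SHA-256 indicators copied from the advisory.
IOC_MD5 = {
    "a03f516285d496d7f15c2e992846d109",
    "d07654434d64b73fe8cb49cfb9b7e3fb",
    "80ece9b10c07fef60a7bdffa292da7de",
    "674bbb246435921097548e2c4b519354",
}
IOC_SHA1 = {
    "58f97a1534d83bb1b51cd1e39252a0be809cbcf4",
    "8fc864f028b59a3c4a34b013c119d79c5d72e24f",
    "c61e29aeb04bd6e4eb44b12bda49f5da9731d6e0",
    "6c5a12188e6befa0cf52ed3c14b695f821fd24ce",
}
IOC_SHA256 = {
    "6d65804ca8f71e21b18de08176a53d8f203bc23629dd822ef3c0da217f95f119",
    "f55e2050733576fa16452e2589a187f4bf202ca3b54b1497ba2c006e8d3bdd45",
    "1cf18ce4becf2244fb715aa52eb4d56b569a95f2a1e7a835d217a20a2757a2d8",
    "0db46fea5a0be8624069f978f115e4270833df29ed776c712182327a758fd639",
    "0f36088ed9f5ffd4b42d35789113e99d8839edc52e554dbee0969bcad0200cfb",
    "cd60488acc0cc596c0de63eb0a7bca4ada4748fc4e76a86ca0fab42f15050347",
}


def _digest_chunks(chunks):
    """Feed an iterable of byte chunks into all three hash algorithms at once,
    so each file is read from disk only a single time."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    for chunk in chunks:
        md5.update(chunk)
        sha1.update(chunk)
        sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def hash_bytes(data):
    """Digests of an in-memory byte string (handy for mail attachments)."""
    return _digest_chunks([data])


def hash_file(path, chunk_size=1 << 20):
    """Digests of a file, read in 1 MiB chunks so large files stay cheap."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_iocs(digests):
    """Return the (algorithm, hash) pairs from `digests` that appear in the IOC sets."""
    hits = []
    for algo, ioc_set in (("md5", IOC_MD5), ("sha1", IOC_SHA1), ("sha256", IOC_SHA256)):
        if digests[algo].lower() in ioc_set:
            hits.append((algo, digests[algo].lower()))
    return hits


def scan_tree(root):
    """Walk `root` and return [(path, hits)] for every file matching an IOC.
    Files that cannot be read (permissions, races) are skipped rather than
    aborting the scan."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                hits = match_iocs(hash_file(path))
            except OSError:
                continue
            if hits:
                findings.append((path, hits))
    return findings


if __name__ == "__main__":
    # Usage: python lastconn_ioc_scan.py /path/to/scan
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    results = scan_tree(target)
    for path, hits in results:
        print(f"MATCH {path}: " + ", ".join(f"{a}={h}" for a, h in hits))
    print(f"{len(results)} matching file(s) under {target}")
```

Hash matching is exact, so it catches only the specific samples listed here; a recompiled or repacked LastConn build will produce different digests, which is why the remediation also asks you to block the indicators at controls such as the mail gateway, where password-protected archives from unexpected senders can be held for review regardless of their hash.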