Rewterz Threat Advisory – CVE-2021-1402 – Cisco Firepower Threat Defense Software SSL Decryption Policy DoS Vulnerability
June 9, 2021Rewterz Threat Advisory – ICS: Siemens Multiple Vulnerabilities
June 9, 2021Rewterz Threat Advisory – CVE-2021-1402 – Cisco Firepower Threat Defense Software SSL Decryption Policy DoS Vulnerability
June 9, 2021Rewterz Threat Advisory – ICS: Siemens Multiple Vulnerabilities
June 9, 2021Severity
High
Analysis Summary
An emergent and effective data-harvesting tool dubbed Oski is proliferating in North America and China, stealing online account credentials, credit card numbers, crypto wallet accounts, and more. The malware is still in its developing phase but packs a punch with its capabilities. Oski C2’s dashboard revealed that Oski’s theft tactics involve extracting credentials using man-in-the-browser (MitB) attacks by hooking the browser processes using DLL injection, It also extracts credentials from the registry, passwords from the browser SQLite database, and stored session cookies of all stripes, including crypto-wallet cookies from Bitcoin Core, Ethereum, Monero, Litecoin, and others.
Impact
- Credential theft
- Information disclosure
Indicators of Compromise
MD5
- bae1820a589c3c2a3d76bb6984e155ef
SHA-256
- b7e2b37e97963d45b71ef70bc0d8060336757c0c57c245c4afd87a8f7d7a6b2d
- 2e5492db36a7d3472205a9b2e0f6915501001fd38580b2fff3d897f5f983c07e
- 6a90747e994871cb1556c89efbaf0fa6f755fe4392ac1dfd5122d97f44096f8f
- 7306fb8e6beb55670cbd66849de1bba703d010166361c1c9f1b56314d7f77733
- 78e1650c6b289088c2224f07d530f85b3a75c9698f60eca795e3f75e2e4f3611
- 879ffc6d14cd99fdde3f2ff9fac1ad08af7848cb18a68d9b7de72a6eb2824f1b
- 26742bde0f3465983c03706acf3b37b1583904f1993d2f9036ff636b313f4b04
- c17c48163d0b124b07fdda6b15196db8fe8c510d9c8afbb5abf3666bfb109b26
- 0c7ce125e3003caf1c7913fda7db380e6e0c7810923103dbb271283118900f94
- 9aca1af01849129298bada27908964ce2be2775ffb38bd578eba794f3a91fac9
- 9d5813fe8eca2837acc3e2eb1256a7a502a2f2dd037348e573b43c76f85aba83
- f64b2a93af7939876cb9af6f7f2d0702fe09a02e5a7968c90fc5ed0fa9915e1f
- f64b2a93af7939876cb9af6f7f2d0702fe09a02e5a7968c90fc5ed0fa9915e1f
- 518c8c977ad18b3a0e462f98e88effba7e357e3eef060f3b85a7afc761907b1d
- 841c80d880692060d97a7a84fb8b6cbea1472c548714d92d60a821a60c4ae4c4
- 656fd8e974d530e493fcbe38517f8635611dd4f55403ead65b1e525f3fce7500
- 304d51352cd5570568501f89ea1831a1b9367a4ab873566795e21888ada20aa2
- 245f962fa8ec09944b413f41836d81d8fbc961c34f43e3d8f76cc6324eefe11e
- 27246af1d222060efe273a53a82cd8550629b0826fd7de6a035265090216d719
- b07489dfcfc4ec7f3cd9459a76bbaa04506ca3fbbd8b538d6b1c2937737e8101
- 9861e5db0eacb329364eabe37d837d20ad6e9210cba4641f9e09abca0173cb2e
SHA1
- e083da95c8870158a2bdde3a94571904ca514f39
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders