June 29, 2021
Severity
High
Analysis Summary
The REvil ransomware operation now uses a Linux encryptor that targets and encrypts VMware ESXi virtual machines.
As enterprises migrate to virtual machines for easier backups, simpler device management and more efficient use of resources, ransomware gangs are increasingly building their own tools to mass-encrypt the storage used by those virtual machines. On its forum, the REvil operation confirmed that it had released a Linux version of its encryptor that also works on NAS devices.
Impact
- Credential Theft
- File Encryption
- Information Disclosure
- Data Breach
Indicators of Compromise
MD5
- 395249d3e6dae1caff6b5b2e1f75bacd
- e199f02ffcf1b1769c8aeb580f627267
- ab3229656f73505a3c53f7d2e95efd0e
- 96a157e4c0bef22e0cea1299f88d4745
SHA-256
- ea1872b2835128e3cb49a0bc27e4727ca33c4e6eba1e80422db19b505f965bc4
- d6762eff16452434ac1acc127f082906cc1ae5b0ff026d0d4fe725711db47763
- 796800face046765bd79f267c56a6c93ee2800b76d7f38ad96e5acb92599fcd4
- 3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d
SHA-1
- 29f16c046a344e0d0adfea80d5d7958d6b6b8cfa
- 9586ebc83a1b6949e08820b46faf72ee5b132bca
- 45404b862e70a7a1b4db6c73d374b8ac19ddf772
- 446771415864f4916df33aad1aa7e42fa104adee
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
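The following is an added example of how the IOC search above can be carried out on a host; it is not Rewterz tooling or part of the original advisory. It uses only the Python standard library so it can be copied onto a Linux NAS or an ESXi host, walks a directory tree, hashes each regular file once for MD5, SHA-1 and SHA-256, and reports any file whose digest appears in the indicator sets listed on this page. The default scan roots and the 64 MiB size cut-off are assumptions: the encryptor is a small ELF binary, so skipping multi-gigabyte VMDK files keeps the sweep fast, but lower or raise the limit to suit your datastores.

```python
"""Hash-based IOC sweep for the REvil Linux encryptor indicators (added example)."""
import hashlib
import os
import stat
from typing import Dict, Iterator, List, Tuple

# Indicators copied from the advisory above (hex, lower-case).
IOC_MD5 = {
    "395249d3e6dae1caff6b5b2e1f75bacd",
    "e199f02ffcf1b1769c8aeb580f627267",
    "ab3229656f73505a3c53f7d2e95efd0e",
    "96a157e4c0bef22e0cea1299f88d4745",
}
IOC_SHA1 = {
    "29f16c046a344e0d0adfea80d5d7958d6b6b8cfa",
    "9586ebc83a1b6949e08820b46faf72ee5b132bca",
    "45404b862e70a7a1b4db6c73d374b8ac19ddf772",
    "446771415864f4916df33aad1aa7e42fa104adee",
}
IOC_SHA256 = {
    "ea1872b2835128e3cb49a0bc27e4727ca33c4e6eba1e80422db19b505f965bc4",
    "d6762eff16452434ac1acc127f082906cc1ae5b0ff026d0d4fe725711db47763",
    "796800face046765bd79f267c56a6c93ee2800b76d7f38ad96e5acb92599fcd4",
    "3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d",
}
IOCS = {"md5": IOC_MD5, "sha1": IOC_SHA1, "sha256": IOC_SHA256}

CHUNK = 1 << 20               # 1 MiB reads keep memory flat on large files
DEFAULT_MAX_SIZE = 64 << 20   # assumption: the encryptor is a small ELF, so skip VMDKs etc.


def digest_file(path: str) -> Dict[str, str]:
    """Return MD5, SHA-1 and SHA-256 of a file, computed in a single read pass."""
    hashers = {name: hashlib.new(name) for name in IOCS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: Dict[str, str]) -> List[str]:
    """Names of the algorithms whose digest appears in the indicator sets."""
    return [name for name, ioc_set in IOCS.items()
            if digests.get(name, "").lower() in ioc_set]


def iter_regular_files(root: str, max_size: int) -> Iterator[str]:
    """Yield regular files under root, skipping symlinks, devices and oversized files."""
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)   # lstat: never follow symlinks
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_size <= max_size:
                yield path


def sweep(root: str, max_size: int = DEFAULT_MAX_SIZE) -> List[Tuple[str, List[str]]]:
    """Hash every eligible file under root; return (path, matched_algorithms) for each hit."""
    hits: List[Tuple[str, List[str]]] = []
    for path in iter_regular_files(root, max_size):
        try:
            digests = digest_file(path)
        except OSError:
            continue   # unreadable or vanished mid-scan: skip, do not abort the sweep
        matched = match_iocs(digests)
        if matched:
            hits.append((path, matched))
    return hits


if __name__ == "__main__":
    import sys
    # Assumed defaults: ESXi datastores plus the usual drop directories.
    roots = sys.argv[1:] or ["/vmfs/volumes", "/tmp", "/var/tmp"]
    for root in roots:
        for hit_path, algos in sweep(root):
            print(f"IOC HIT {hit_path} ({', '.join(algos)})")
```

A full-file hash match only catches the exact builds listed here; a recompiled or repacked sample will not match, and an encryptor that has already run may have deleted itself, so treat a clean sweep as absence of these specific files, not as proof the host was never touched.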