Rewterz Threat Advisory – Cisco WebEx Network Recording Player Information Disclosure
May 28, 2021
Rewterz Threat Advisory – CVE-2021-20591 – ICS: Mitsubishi Electric MELSEC iQ-R Series
May 28, 2021
Severity
High
Analysis Summary
Gamaredon, the Russia-backed advanced persistent threat (APT) actor that has been active since at least 2013, has reinforced its cyber warfare activities with a new surge of attacks that target users with malicious documents using template injection. The attacker's main goal is to gain control of the target system through the malicious document. The exploit document employs the template injection technique to install additional malware on the victim's machine. Upon opening, the document connects back to the attacker's server to download the payload file.
Impact
- Template injection
MD5
- 52b8fb5e210e6e6aa2035d9c6a65dd61
SHA-256
- 8f19eaae3d761093d89042075f860bd626e943931a8bbae52c19a4bb7479812a
SHA1
- 74ebfc0af5aad56238b6f73351bc53d7c7f2e2c2
URL
- hxxp[:]//83[.]166[.]246[.]59/SGZ2/rejoice/lowered[.]dot
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.