Severity
Medium
Analysis Summary
Smokeloader is a widely used and long-established bot whose primary purpose is to load other malicious software onto an infected host, usually payloads obtained from a third party. It can also load its own plug-in modules, which lets it carry out a range of actions without relying on external components. The seller of Smokeloader, known by the handle SmokeLdr, continues to offer the malware as a service.
Impact
- Exposure of sensitive information
Indicators of Compromise
MD5
- 4a6b686ed3f18f9aecf846d08a6aa948
- c93a63f4885288dd5adf487669c7b536
- 87b6aa9999f339367e81cece5164cc61
- 201abecf58b4a4653f4665a322b9a573
- f7b2e05c16597bca1151f709dffb2e07
- e3686e4e0ed04a1fd38bb5060cb2441e
- 8069ee1a3ad38d0993af883ce950ed1f
- 9fda2eff0c17e820a5ee70cd800d2e4e
SHA-256
- 0283e1aa9bb9b29313432897675a5cb0f200112934b26a13818088056b43cf60
- ab9a7947956ab4c2f387ed3f360d54a04306823e385faba94493fe4d8815c0b6
- 88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212
- f8aa33b99bb248f640363d937986e465239346a7f25f8e8579b92b5c975f38a9
- 869f03c29e3c1d4d695e0dfb20631101b480ba3f74a93ed94ce8110dd4b23dce
- 1d1dbabc1c905c7153847c6bb5b88905942d414c4dbf39e3784dc9a62e1120db
- cdd2e208a722c7614f0e00a20bbbc168fd84c7ef1b3ad06ed34d93e9b2ff34b4
- 32c331671d9c8e82aa0b390356f538254248fa7005c1e7fb82d30fe12fac6ef9
SHA-1
- 34f61ef270882428b0a614ecf8de35cfda5812cb
- 1f54b2bf4963e334a6d19052bb72fee795d06a05
- 0f0cc9bae58961ceec44d77c09f7670b6e6dcd32
- 55ce2341573c2cf780a5212d99e814c12d124d0d
- 3996f141685ec86ef537dd9e580b57406476bdcf
- 7a6e59e6c01135ab4ec685dc8c6bf7835429c916
- dfc51f91a62fafda617000e6a3ca44f6588e0b09
- f196cd8a388a3133e0cbce59619e6078a0507835
Remediation
- Block the hashes listed above at your respective controls (endpoint protection, mail and web gateways, SIEM watchlists) and search historical logs for prior matches
- Keep software patches up to date
- Exercise caution with messages and attachments received from unknown third parties
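To turn the indicator lists above into something you can actually run, the script below (an added example, not Rewterz tooling) parses the advisory's own "MD5 / SHA-256 / SHA-1" list layout, rejects malformed digests instead of silently keeping them, and compares a file's MD5, SHA-1 and SHA-256 against the parsed set. The embedded `ADVISORY_IOCS` text is copied from the lists above; the sample bytes at the bottom are constructed and are not malware. Function names are this example's own.

```python
"""Match files against the hash indicators published in this advisory.

Added example: parses the advisory's IOC block, validates every digest,
and checks a file (or a single analyst-supplied hash) against the set.
"""
import hashlib
import re
import sys

# The IOC section of this advisory, copied from the lists above.
ADVISORY_IOCS = """
MD5
- 4a6b686ed3f18f9aecf846d08a6aa948
- c93a63f4885288dd5adf487669c7b536
- 87b6aa9999f339367e81cece5164cc61
- 201abecf58b4a4653f4665a322b9a573
- f7b2e05c16597bca1151f709dffb2e07
- e3686e4e0ed04a1fd38bb5060cb2441e
- 8069ee1a3ad38d0993af883ce950ed1f
- 9fda2eff0c17e820a5ee70cd800d2e4e
SHA-256
- 0283e1aa9bb9b29313432897675a5cb0f200112934b26a13818088056b43cf60
- ab9a7947956ab4c2f387ed3f360d54a04306823e385faba94493fe4d8815c0b6
- 88d9141e63c5e2d05294b43d85ffc2604c3eda3b2cac69149743e3990b547212
- f8aa33b99bb248f640363d937986e465239346a7f25f8e8579b92b5c975f38a9
- 869f03c29e3c1d4d695e0dfb20631101b480ba3f74a93ed94ce8110dd4b23dce
- 1d1dbabc1c905c7153847c6bb5b88905942d414c4dbf39e3784dc9a62e1120db
- cdd2e208a722c7614f0e00a20bbbc168fd84c7ef1b3ad06ed34d93e9b2ff34b4
- 32c331671d9c8e82aa0b390356f538254248fa7005c1e7fb82d30fe12fac6ef9
SHA-1
- 34f61ef270882428b0a614ecf8de35cfda5812cb
- 1f54b2bf4963e334a6d19052bb72fee795d06a05
- 0f0cc9bae58961ceec44d77c09f7670b6e6dcd32
- 55ce2341573c2cf780a5212d99e814c12d124d0d
- 3996f141685ec86ef537dd9e580b57406476bdcf
- 7a6e59e6c01135ab4ec685dc8c6bf7835429c916
- dfc51f91a62fafda617000e6a3ca44f6588e0b09
- f196cd8a388a3133e0cbce59619e6078a0507835
"""

# Advisory heading -> hashlib algorithm name, and expected hex digest length.
ALGO_ALIASES = {"md5": "md5", "sha-1": "sha1", "sha1": "sha1",
                "sha-256": "sha256", "sha256": "sha256"}
HEX_LENGTH = {"md5": 32, "sha1": 40, "sha256": 64}


def parse_ioc_block(text):
    """Return {"md5": set, "sha1": set, "sha256": set} from the advisory layout.

    A line naming an algorithm switches the current bucket; a '- <hex>' line is
    an indicator. A digest of the wrong length or with non-hex characters raises
    ValueError, so a copy/paste error cannot silently produce a dead indicator.
    """
    buckets = {algo: set() for algo in HEX_LENGTH}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in ALGO_ALIASES:
            current = ALGO_ALIASES[line.lower()]
            continue
        if line.startswith("-"):
            value = line.lstrip("- ").strip().lower()
            if current is None:
                raise ValueError(f"indicator before any algorithm header: {line}")
            if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LENGTH[current], value):
                raise ValueError(f"malformed {current} digest: {value}")
            buckets[current].add(value)
    return buckets


def digests(data):
    """Compute all three digests of a byte string."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HEX_LENGTH}


def match_bytes(data, iocs):
    """Return the (algorithm, digest) pairs of `data` that hit an indicator."""
    return [(algo, d) for algo, d in digests(data).items() if d in iocs[algo]]


def lookup_hash(value, iocs):
    """Normalise an analyst-supplied hash (any case, stray whitespace) and
    report which bucket it belongs to, or None if it is not an indicator."""
    v = value.strip().lower()
    for algo, length in HEX_LENGTH.items():
        if len(v) == length and v in iocs[algo]:
            return algo
    return None


IOCS = parse_ioc_block(ADVISORY_IOCS)

# Constructed sample input: harmless bytes that must not match anything.
SAMPLE_BYTES = b"constructed sample, not a Smokeloader binary"

if __name__ == "__main__":
    # Usage: python ioc_match.py <file> [<file> ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            hits = match_bytes(fh.read(), IOCS)
        print(path, "MATCH " + str(hits) if hits else "clean")
```

Run it against suspicious files or feed `lookup_hash` a value from an EDR alert. Keep in mind that file-hash indicators are brittle: any repack or rebuild of the loader changes all three digests, so a clean result here is weak evidence of absence and should be paired with behavioural detections and the broader controls listed above.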