July 2, 2021
Severity
High
Analysis Summary
APT28 (also tracked as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, STRONTIUM and other names) is a Russian state-backed APT group attributed to Russian military intelligence. Its main targets are government agencies, diplomatic missions, and scientific research institutions in North America, Central Asia, and Europe. APT28 has repeatedly used the Zebrocy downloader in past campaigns. Zebrocy has been compiled in several variants: Delphi, Nim, AutoIt, VB.NET, Visual C++, C#, and Go.
Impact
- Delivery and execution of additional payloads via the Zebrocy downloader
Indicators of Compromise
IP
- 95[.]141[.]36[.]180
- 77[.]83[.]247[.]81
- 193[.]29[.]187[.]60
- 192[.]145[.]125[.]42
- 188[.]214[.]30[.]76
- 185[.]233[.]185[.]21
- 185[.]141[.]63[.]47
- 158[.]58[.]173[.]40
- 93[.]115[.]28[.]161
- 195[.]154[.]250[.]89
Remediation
- Block the listed IP addresses at your perimeter controls (firewalls, web proxies, egress filtering), after confirming they are not shared hosting or other infrastructure your organization legitimately relies on.
- Search proxy, firewall, DNS and endpoint logs for connections to the listed IPs, and investigate any host that contacted them.
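The two remediation steps above, as an added example that is not part of the Rewterz advisory: a Python script that refangs the advisory's IP indicators, validates them, scans log lines for whole-address matches, and renders iptables egress DROP rules from the same list. The sample log lines and the rule format are assumptions for illustration; adapt the line parsing to your own log schema.

```python
import ipaddress
import re

# Defanged IP indicators copied from the advisory's IOC list above.
ADVISORY_IOCS = [
    "95[.]141[.]36[.]180",
    "77[.]83[.]247[.]81",
    "193[.]29[.]187[.]60",
    "192[.]145[.]125[.]42",
    "188[.]214[.]30[.]76",
    "185[.]233[.]185[.]21",
    "185[.]141[.]63[.]47",
    "158[.]58[.]173[.]40",
    "93[.]115[.]28[.]161",
    "195[.]154[.]250[.]89",
]

# Constructed sample log lines (not from the advisory) in a generic
# "timestamp source action ..." layout. Lines 3 and 4 contain addresses that
# share a prefix with an indicator but are NOT in the list.
SAMPLE_LOGS = [
    "2021-07-02T09:14:03Z fw1 allow tcp 10.0.5.23:51822 -> 95.141.36.180:443",
    "2021-07-02T09:14:05Z proxy GET http://93.115.28.161/update.php 200 10.0.5.23",
    "2021-07-02T09:15:10Z fw1 allow tcp 10.0.5.24:51900 -> 195.154.250.8:443",
    "2021-07-02T09:16:00Z dns query mail.example.com A 192.145.125.4",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def refang(indicator: str) -> str:
    """Turn a defanged indicator back into its real form ('1[.]2[.]3[.]4' -> '1.2.3.4')."""
    return indicator.strip().replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")


def load_ioc_set(defanged) -> set:
    """Refang and validate each indicator; a malformed entry raises rather than
    silently producing a rule that blocks nothing."""
    return {ipaddress.IPv4Address(refang(raw)) for raw in defanged}


def scan_log_lines(lines, iocs) -> list:
    """Return (line_number, matched_ip, line) for every log line that references
    an IOC. Matching is on whole parsed addresses, so 195.154.250.8 does not
    match the indicator 195.154.250.89."""
    hits = []
    for n, line in enumerate(lines, 1):
        for candidate in IPV4_RE.findall(line):
            try:
                ip = ipaddress.IPv4Address(candidate)
            except ipaddress.AddressValueError:
                continue  # e.g. 999.1.1.1 looks like an IP but is not one
            if ip in iocs:
                hits.append((n, str(ip), line))
                break  # one hit per line is enough for triage
    return hits


def block_rules(iocs) -> list:
    """Render egress DROP rules for a Linux host or gateway using iptables
    (assumed control; substitute your firewall's syntax). Review the list
    before applying: blocking shared hosting or CDN space by IP can break
    legitimate traffic."""
    return [f"iptables -A OUTPUT -d {ip} -j DROP" for ip in sorted(iocs)]


if __name__ == "__main__":
    iocs = load_ioc_set(ADVISORY_IOCS)
    for n, ip, line in scan_log_lines(SAMPLE_LOGS, iocs):
        print(f"line {n}: contact with {ip}: {line}")
    print("\n".join(block_rules(iocs)))
```

Running the script against the constructed logs reports the two lines that contacted 95.141.36.180 and 93.115.28.161 and ignores the two near-miss addresses; feed it real proxy or firewall exports line by line to triage hosts before applying the generated rules.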