Rewterz Threat Advisory – CVE-2020-4481 – IBM UrbanCode Deploy XML external entity injection
August 6, 2020Rewterz Threat Advisory – CVE-2020-4243 – IBM Security Identity Governance and Intelligence Vulnerability
August 6, 2020Rewterz Threat Advisory – CVE-2020-4481 – IBM UrbanCode Deploy XML external entity injection
August 6, 2020Rewterz Threat Advisory – CVE-2020-4243 – IBM Security Identity Governance and Intelligence Vulnerability
August 6, 2020Severity
High
Analysis Summary
TA505 is a prolific cybercriminal group known for its attacks against multiple financial institutions and retail companies using malicious spam campaigns and different malware. In the group’s latest campaign, they deploy the Get2 Downloader via Office Template Macros which leads to the malware. This also allow threat actors to to gain access to the compromised network, providing opportunities to steal financial data or install ransomware. This is an active campaign expected to target financial institutions around the world.
Impact
- Data exfiltration
- Exposure of sensitive data
Indicators of Compromise
MD5
- e2f9038908576da6b73e68d7f8fcd5f9
SHA-256
- 36eed2086307f7c6dc261aa714888bc4e3f8e0e2c17ba35addf9df400fff33e7
SHA1
- f60de2a50ad812bff74f998436c54b286774e6fd
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.