Severity
High
Analysis Summary
The APT group Turla is tracked by researchers under many names, including Krypton, MAKERSMARK, Snake, Uroburos, Venomous Bear, Waterbug and WhiteBear. Turla is primarily known for its espionage activities. This time the group is back with another malicious sample that drops malicious EXE files on different users' systems. Believed to be sponsored by the Russian FSB security service, Turla has been active since at least 2008 and, while constantly evolving its own toolkit, has also been turning its attention towards the infrastructure and resources of other APTs.
Impact
Information theft and espionage
Indicators of Compromise
Filename
- AgentSvc[.]exe
MD5
- 3cd389c05ec3383cc2572f305b640168
SHA-256
- 48dced47372853658202b286920bb4fd0ab16de7c5d5b736eac84eee023d569f
SHA1
- 7e3bd851b26e827a97052b14c65febfce81fe960
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.