December 3, 2020
Severity
Medium
Analysis Summary
The APT group Turla, also tracked as Krypton, MAKERSMARK, Snake, Uroburos, Venomous Bear, Waterbug and WhiteBear, is primarily known for espionage. The group has returned with a previously undocumented backdoor and document stealer, dubbed Crutch, that targets a specific Ministry of Foreign Affairs in a European Union country. Turla has compromised many governments around the world, especially diplomatic entities, and operates a large malware arsenal. The malware's main purposes are reconnaissance, lateral movement and espionage.
Impact
- Information theft
- Data Exposure
- Exposure of sensitive documents
Indicators of Compromise
MD5
- 8e2ce1bc84ad3edd3c38037c982b509a
SHA-256
- 0010ccb822538d1881c61be874af49382c44b6c9cb665081cf0f672cbed5b6a5
SHA-1
- A010D5449D29A1916827FDB443E3C84C405CB2A5
- 2FABCF0FCE7F733F45E73B432F413E564B92D651
- A4AFF23B9A58B598524A71F09AA67994083A9C83
- 778AA3A58F5C76E537B5FE287912CC53469A6078
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
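One way to carry out the IoC search recommended above is a file-hash sweep. The script below is an added example, not Rewterz tooling: it embeds the MD5, SHA-1 and SHA-256 indicators listed in this advisory, hashes every file under a directory in a single pass, and reports matches case-insensitively (the SHA-1 values above are published in uppercase). The directory path and the `scan_directory`/`file_digests` names are this example's own.

```python
import hashlib
import sys
from pathlib import Path

# Indicators copied from the advisory above; lookups are case-insensitive.
IOCS = {
    "md5": {"8e2ce1bc84ad3edd3c38037c982b509a"},
    "sha256": {"0010ccb822538d1881c61be874af49382c44b6c9cb665081cf0f672cbed5b6a5"},
    "sha1": {
        "A010D5449D29A1916827FDB443E3C84C405CB2A5",
        "2FABCF0FCE7F733F45E73B432F413E564B92D651",
        "A4AFF23B9A58B598524A71F09AA67994083A9C83",
        "778AA3A58F5C76E537B5FE287912CC53469A6078",
    },
}


def file_digests(path):
    """Compute MD5, SHA-1 and SHA-256 of a file, reading it only once."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan_directory(root, iocs=IOCS):
    """Walk `root` recursively and return [(path, algorithm, digest)] for every
    file whose digest matches an indicator. Unreadable files are skipped so one
    permission error does not abort the whole sweep."""
    # Normalise indicator case once so mixed-case IoC lists still match.
    wanted = {algo: {h.lower() for h in hashes} for algo, hashes in iocs.items()}
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            digests = file_digests(path)
        except OSError:
            continue
        for algo, digest in digests.items():
            if digest.lower() in wanted.get(algo, set()):
                hits.append((str(path), algo, digest))
    return hits


if __name__ == "__main__":
    for hit in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("MATCH %s %s %s" % hit)
```

Run it against a directory of interest and triage any `MATCH` lines; an empty result only says these specific hashes were not seen, not that the host is clean.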