
Rewterz Threat Alert – Turla APT Group Targeting European Union

December 3, 2020

Severity

Medium

Analysis Summary

The APT group Turla, also tracked under the names Krypton, MAKERSMARK, Snake, Uroburos, Venomous Bear, Waterbug and WhiteBear, is primarily known for espionage. The group has returned with a previously undocumented backdoor and document stealer, dubbed Crutch, targeting the Ministry of Foreign Affairs of a European Union member state. Turla has compromised many governments around the world, especially diplomatic entities, and operates a large malware arsenal. The malware is used mainly for reconnaissance, lateral movement and espionage.

[Figure 3: Architecture of Crutch v3]

Impact

  • Information theft
  • Data Exposure
  • Exposure of sensitive documents

Indicators of Compromise

MD5

  • 8e2ce1bc84ad3edd3c38037c982b509a

SHA-256

  • 0010ccb822538d1881c61be874af49382c44b6c9cb665081cf0f672cbed5b6a5

SHA1

  • A010D5449D29A1916827FDB443E3C84C405CB2A5
  • 2FABCF0FCE7F733F45E73B432F413E564B92D651
  • A4AFF23B9A58B598524A71F09AA67994083A9C83
  • 778AA3A58F5C76E537B5FE287912CC53469A6078

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
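The second remediation step, searching the environment for the listed IoCs, as an added example (not code from the original advisory): a Python scanner that hashes files with MD5, SHA1 and SHA-256 and matches them against the advisory's indicators. The hash values are the ones listed above; the scan root and the `IOC_HASHES` layout are assumptions made for this example.

```python
import hashlib
import os
from pathlib import Path

# Indicators copied from the advisory above (Crutch samples), normalised to
# lowercase so that the uppercase SHA1 values compare equal to hexdigest().
IOC_HASHES = {
    "md5": {"8e2ce1bc84ad3edd3c38037c982b509a"},
    "sha1": {
        "a010d5449d29a1916827fdb443e3c84c405cb2a5",
        "2fabcf0fce7f733f45e73b432f413e564b92d651",
        "a4aff23b9a58b598524a71f09aa67994083a9c83",
        "778aa3a58f5c76e537b5fe287912cc53469a6078",
    },
    "sha256": {"0010ccb822538d1881c61be874af49382c44b6c9cb665081cf0f672cbed5b6a5"},
}

def _digest_chunks(chunks):
    """Feed an iterable of byte chunks to all three hashes at once; return hex digests."""
    hashes = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for chunk in chunks:
        for h in hashes.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}

def hash_bytes(data):
    """Hash an in-memory blob (handy for testing and for memory-carved samples)."""
    return _digest_chunks([data])

def hash_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so large binaries do not get loaded whole."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""))

def match_iocs(digests, iocs=IOC_HASHES):
    """Return [(algorithm, hash)] for every algorithm whose digest is in the IoC set."""
    return [(algo, digests[algo].lower()) for algo in iocs
            if digests.get(algo, "").lower() in iocs[algo]]

def scan_tree(root, iocs=IOC_HASHES):
    """Walk a directory tree; return {path: matches} for files hitting any IoC."""
    hits = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            try:
                matched = match_iocs(hash_file(path), iocs)
            except OSError:
                continue  # locked or unreadable files are skipped, not fatal
            if matched:
                hits[str(path)] = matched
    return hits
```

Run `scan_tree("/path/to/suspect/share")` (assumed path) and treat any returned entry as a confirmed Crutch sample to isolate and escalate; an empty result only means none of these specific hashes were found, not that the host is clean.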