April 25, 2024

April 25, 2024

Multi-Step Hijacking Campaign Targets Systems Using Cobalt Strike and SSLoad – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

April 25, 2024

CVE-2024-20358 – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Vulnerability

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

April 25, 2024

Two Cisco Zero-Day Vulnerabilities Used for Espionage by State-Sponsored Threat Actors – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

April 25, 2024

Multi-Step Hijacking Campaign Targets Systems Using Cobalt Strike and SSLoad – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

April 25, 2024

CVE-2024-20358 – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Vulnerability

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

April 25, 2024

Two Cisco Zero-Day Vulnerabilities Used for Espionage by State-Sponsored Threat Actors – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

Rewterz Threat Alert – Kimsuky Group – IOC’s

October 11, 2019

Rewterz Threat Alert – Adwind Campaign targeting Petroleum Sector

October 14, 2019

Rewterz Threat Alert – Mahalo FIN7 – IOC’s

October 11, 2019

Severity

High

Analysis Summary

The first of FIN7’s new tools is BOOSTWRITE – an in-memory-only dropper that decrypts embedded payloads using an encryption key retrieved from a remote server at runtime. FIN7 has been observed making small changes to this malware family using multiple methods to avoid traditional antivirus detection, including a BOOSTWRITE sample where the dropper was signed by a valid Certificate Authority. One of the analyzed BOOSTWRITE variants contained two payloads: CARBANAK and RDFSNIFFER. While CARBANAK has been thoroughly analyzed and has been used maliciously by several financial attackers including FIN7, RDFSNIFFER is a newly-identified tool recovered by Mandiant investigators.

Impact

Financial loss

Indicators of Compromise

Malware Hashes

MD5

af2f4142463f42548b8650a3adf5ceb2

a67d6e87283c34459b4660f19747a306

SH256

8773aeb53d9034dc8de339651e61d8d6ae0a895c4c89b670d501db8dc60cd2d0

18cc54e2fbdad5a317b6aeb2e7db3973cc5ffb01bbf810869d79e9cb3bf02bd5

SHA1

a873f3417d54220e978d0ca9ceb63cf13ec71f84

09f3c9ae382fbd29fb47ecdfeb3bb149d7e961a1

Remediation

Block all threat indicators at your respective controls.
Always be suspicious about emails sent by unknown senders.
Never click on the links/attachments sent by unknown senders.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Multi-Step Hijacking Campaign Targets Systems Using Cobalt Strike and SSLoad – Active IOCs

CVE-2024-20358 – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Vulnerability

Two Cisco Zero-Day Vulnerabilities Used for Espionage by State-Sponsored Threat Actors – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Multi-Step Hijacking Campaign Targets Systems Using Cobalt Strike and SSLoad – Active IOCs

CVE-2024-20358 – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Vulnerability

Two Cisco Zero-Day Vulnerabilities Used for Espionage by State-Sponsored Threat Actors – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Kimsuky Group – IOC’s

Rewterz Threat Alert – Adwind Campaign targeting Petroleum Sector