
Rewterz Threat Alert – Cyclops Blink – Active IOCs

Severity

Medium

Analysis Summary

Cyclops Blink is a malicious Linux ELF executable. Security agencies have associated it with a botnet used to target small office and home office network devices, a large-scale campaign that has been active since 2019. Security researchers analysed two samples of the malware, and their findings describe how it works:


Cyclops Blink appears to have been professionally developed, given its modular design approach. A comparison of the core component functionality between the analysed samples indicates that they have most likely been developed from a common code base. – Security Researchers

The researchers have also attributed Cyclops Blink to Russian APT “Sandworm”.

Impact

  • DDoS (Distributed Denial of Service)
  • File Encryption
  • System Infection

Indicators of Compromise

MD5

  • 12053b6e329902d3a9723a88f3b99278
  • aa35d45d0c7ad31d1bd5c54d31fd06ab
  • d72901696ade1128e8ef42cf6a81e20d
  • 1d7b16b333058a584f5152cfc965a2a6
  • af22b6f54f03160ab2fbc8b5d92f8938
  • 9b33ba6c689b63b24424f28fb629ab11
  • d6a193f48b5acc02010962fdc737e4c3
  • a4d01af3247a81607cf0ba898940b559
  • 676fb7a6d88606d08e9668d667fe70f4
  • 88d9382c5e787bcd5db46c50639c9304

SHA-256

  • 1454338b1bbb692dadb90c758ba8789f56c48dd52f9f94b6dc6784f0944e20f9
  • 145bf0e879d544a17364c53e1e695adab8e927fe196cc0d21ad14be3e2cb469f
  • 36b3a9dcb283fb0f9fd45f4a371006228d206ec0bdd9e3392eb2d07e72f8d7b0
  • 3830213049d64b09f637563faa470b0f2edd0034aa9e92f7908374bd1d6df116
  • 4ec5e0c5dccc5891d39ea76e3c3d3e26d8830d7aa4d63db6084dbfbec6f0d211
  • 6f4ee4e05483ca3db54040506ac21a2b49d2bd12379cafad54764907be228556
  • 82c3f5092d45ce0e19ac42adaf6632b954b8e78d399f673724956a89c1826d7b
  • 88e568afd69fbc944a8d8268e41f2f6100e8bb007083175884ea4149033f4fcf
  • cc3d51578a9dcc7e955061881490e54883904956f5ca5ee2918cd3b249415e59
  • d186f553ad6b38951fdebabfe7ecb4ca6d86ac702a9e8c90a338ad668afdf490

SHA-1

  • bebde70501d4ac04a1c6cfdee5f4e0a5133ba670
  • a8d58a420672426ac66995ff20388ee87c3c6de0
  • 2dde17cb2fea6152176bb845687286805102c108
  • e0ed664561f075d0fb56b4c2b7cfcc6675f264e8
  • b398ad9dc1890086de7bfa650cbecfe7f5e24c7e
  • f5bae673dc6dcb65a2f0140c046380ec270730b4
  • 20595eb572d7d96e72bd80b2c01d00aa0ef3bb0d
  • d116882777fd022885f34bbb95346bb21ad2aea0
  • 844deac5fa30ae8aa85879b0512ba052121e6de9
  • cb6cbbac988e6f60c9a194f98ef5d25ee13fc60b

Remediation

  • Search your environment for the indicators listed above (the MD5, SHA-1 and SHA-256 hashes of the analysed samples), including file stores, backups and any firmware or disk images you retain from network devices.
  • Block all threat indicators at your respective security controls (endpoint protection, mail and web gateways, firewall and IDS hash-matching rules).
  • Note that file-hash indicators match only the exact samples that were analysed; a rebuilt or modified variant of the same malware produces different hashes, so treat a clean hash sweep as absence of these samples, not absence of the threat.
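The hash sweep described in the remediation steps, as an added example that is not part of the Rewterz advisory. It walks a directory tree, computes MD5, SHA-1 and SHA-256 for every regular file in a single read, and reports any file whose digest appears in the indicator set taken from the lists above. The directory layout, file names and the extra marker digest used in demo() are constructed test fixtures, not real samples.

```python
"""Hash sweep for the Cyclops Blink indicators listed in this advisory.

Added example, not code from the advisory. Walks a directory tree, hashes
every regular file with MD5, SHA-1 and SHA-256 in one pass, and reports any
file whose digest is in the indicator set.
"""
import hashlib
import os
import tempfile

# Indicators copied verbatim from the MD5, SHA-256 and SHA-1 sections above.
# Digest length identifies the algorithm, so one set serves all three.
CYCLOPS_BLINK_HASHES = frozenset(h.lower() for h in """
12053b6e329902d3a9723a88f3b99278 aa35d45d0c7ad31d1bd5c54d31fd06ab
d72901696ade1128e8ef42cf6a81e20d 1d7b16b333058a584f5152cfc965a2a6
af22b6f54f03160ab2fbc8b5d92f8938 9b33ba6c689b63b24424f28fb629ab11
d6a193f48b5acc02010962fdc737e4c3 a4d01af3247a81607cf0ba898940b559
676fb7a6d88606d08e9668d667fe70f4 88d9382c5e787bcd5db46c50639c9304
1454338b1bbb692dadb90c758ba8789f56c48dd52f9f94b6dc6784f0944e20f9
145bf0e879d544a17364c53e1e695adab8e927fe196cc0d21ad14be3e2cb469f
36b3a9dcb283fb0f9fd45f4a371006228d206ec0bdd9e3392eb2d07e72f8d7b0
3830213049d64b09f637563faa470b0f2edd0034aa9e92f7908374bd1d6df116
4ec5e0c5dccc5891d39ea76e3c3d3e26d8830d7aa4d63db6084dbfbec6f0d211
6f4ee4e05483ca3db54040506ac21a2b49d2bd12379cafad54764907be228556
82c3f5092d45ce0e19ac42adaf6632b954b8e78d399f673724956a89c1826d7b
88e568afd69fbc944a8d8268e41f2f6100e8bb007083175884ea4149033f4fcf
cc3d51578a9dcc7e955061881490e54883904956f5ca5ee2918cd3b249415e59
d186f553ad6b38951fdebabfe7ecb4ca6d86ac702a9e8c90a338ad668afdf490
bebde70501d4ac04a1c6cfdee5f4e0a5133ba670 a8d58a420672426ac66995ff20388ee87c3c6de0
2dde17cb2fea6152176bb845687286805102c108 e0ed664561f075d0fb56b4c2b7cfcc6675f264e8
b398ad9dc1890086de7bfa650cbecfe7f5e24c7e f5bae673dc6dcb65a2f0140c046380ec270730b4
20595eb572d7d96e72bd80b2c01d00aa0ef3bb0d d116882777fd022885f34bbb95346bb21ad2aea0
844deac5fa30ae8aa85879b0512ba052121e6de9 cb6cbbac988e6f60c9a194f98ef5d25ee13fc60b
""".split())


def _new_hashers():
    return {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}


def hash_bytes(data):
    """Return {algo: hexdigest} for an in-memory byte string."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path, chunk_size=1 << 20):
    """Return {algo: hexdigest} for a file, reading it once in chunks so large
    firmware or disk images do not have to fit in memory."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan_tree(root, iocs=CYCLOPS_BLINK_HASHES):
    """Walk `root` and return [(path, algo, digest)] for every regular file whose
    digest is in `iocs`. Symlinks are skipped and unreadable files are ignored
    so a sweep over a mounted image does not abort on the first permission error."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digests = hash_file(path)
            except OSError:
                continue
            for algo, digest in digests.items():
                if digest in iocs:
                    hits.append((path, algo, digest))
    return hits


def demo():
    """Constructed fixture: a temp directory with one benign file and one
    marker file whose SHA-256 is added to a copy of the IOC set, so the match
    path is exercised without any real malware on disk."""
    with tempfile.TemporaryDirectory() as tmp:
        benign = os.path.join(tmp, "notes.txt")
        marker = os.path.join(tmp, "sample.elf")
        with open(benign, "wb") as fh:
            fh.write(b"nothing to see here\n")
        with open(marker, "wb") as fh:
            fh.write(b"\x7fELF constructed test fixture, not real malware\n")
        iocs = set(CYCLOPS_BLINK_HASHES) | {hash_file(marker)["sha256"]}
        return [(os.path.basename(p), algo) for p, algo, _ in scan_tree(tmp, iocs)]


if __name__ == "__main__":
    import sys
    for path, algo, digest in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"MATCH {algo} {digest} {path}")
```

Run it as `python sweep.py /path/to/mount` to report matches against the advisory hashes; demo() only shows the match logic on a constructed file and is not a test for the real indicators. Hashing all three algorithms in one read is deliberate: a single pass over a multi-gigabyte image costs one read regardless of how many hash lists you carry, and it means a hit in any one list is enough to flag the file.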