Rewterz

Rewterz Threat Alert – Lokibot – Active IoCs

December 10, 2020
Rewterz

Rewterz Threat Alert – NjRAT Leverages PasteBin for Second Stage Payload

December 11, 2020

Rewterz Threat Advisory – 16 Bugs to Patch After FireEye’s Hack

Severity

High

Analysis Summary

Following the FireEye hack and theft of their red team tools, FireEye provided a list of CVEs in their blog to allow customers to assess their vulnerability to the tools. Those IoCs are given below. 
As part of this disclosure, FireEye also released a repository of signatures/rules designed to detect the use of these tools across a variety of detection technologies. 

CVEProduct
CVE-2019-11510Pulse Secure
CVE-2020-1472Netlogon (Windows)
CVE-2018-13379Fortinet FortiGuard FortiOS
CVE-2018-15961Adobe ColdFusion
CVE-2019-0604Microsoft SharePoint
CVE-2019-0708Microsoft Remote Desktop Services
CVE-2019-11580Atlassian Crowd and Crowd Data Center
CVE-2019-19781Citrix Application Discovery Controller and Citrix Gateway
CVE-2020-10189Zoho ManageEngine Desktop Central
CVE-2014-1812Group Policy implementation in Microsoft Windows
CVE-2019-3398Confluence Server and Data Center
CVE-2020-0688Microsoft Exchange
CVE-2016-0167Microsoft Windows
CVE-2017-11774Microsoft Outlook
CVE-2018-8581Microsoft Exchange Server
CVE-2019-8394Zoho ManageEngine ServiceDesk Plus

Impact

Multiple

Affected Products

Multiple

Remediation

Patch these vulnerabilities as soon as possible.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.