Rewterz Threat Alert –Raccoon Infostealer – Active IOCs

August 9, 2021

Rewterz Threat Advisory –Multiple Microsoft Exchange Servers Security Vulnerabilities

August 9, 2021

Rewterz Threat Advisory –CVE-2021-20090 – Router Vulnerability Being Exploited In The Wild

August 9, 2021

Severity

Medium

Analysis Summary

CVE-2021-20090

Buffalo routers could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to the Web interface containing “dot dot” sequences (/../) to bypass authentication. The attacker seems to be attempting to deploy a Mirai variant on the affected routers using scripts similar in name to the ones mentioned by Palo Alto Networks in March. The similarity could indicate that the same threat actor is behind this new attack and attempting to upgrade their infiltration arsenal with yet another freshly disclosed vulnerability. This vulnerability is being exploited in the wild.

Impact

Server Outage
Data Loss
Website Downtime

Affected Vendors

Buffalo

Affected Products

Buffalo WSR-2533DHP3 1.24
Buffalo WSR-2533DHPL2 1.02

Indicators of Compromise

IP

27[.]22[.]80[.]19
212[.]192[.]241[.]72

MD5

5e450f4f32d5054a784079da0e91aed3
f0b0acf4f9bb09f22c2f54ca3c214bef
ee40c8405d4247897e0ae9631fbf1829
b1fefac85d00fa80a402d7fe8166dade
ee7249ee77e59cad5ec52cfb8c2e27f1
fb753a2ab5e2ca61424b28f7ff3d1344
9344542748024ed06d98116e3b5f86d6
df4955166992ec18c270c79ffe1471e2
55f6eb2e1d81837383255f6ffa3d20b5

SHA-256

73edf8bfbbeaccdd84204f24402dcf488c3533be2682724e5906396b9237411d
8bb454cd942ce6680f083edf88ffa31661a47a45eb3681e1b36dd05043315399
f83eadaa00e81ad51e3ab479b900b981346895b99d045a6b6f77491c3132b58c
e4bc34e321b31926fd2fa1696136187b13864dfa03fba6848e59f9f72bfa9529
80331cf89f3e6026b33b8f1bfa1c304295b9327311661d7927f78824f04cf528
904f9b2e029595365f4f4426069b274810510908c7dd23a3791a831f51e9f1fc
283f932f30756408a59dac97a6965eb792915242214d590eab1c6cb049148582
c2f5bbf35afc7335f789e420c23c43a069ecfcca1a8f9fac5cd554a7a769440e
70764ef9800c1d09f965fbb9698d0eda52448b23772d118f2f2c4ba37b59fc20

SHA-1

0d984bc367f896507b6ac63a2d54de649febe692
8610b6d1742b68fa6a1ca65dce5ab59ffda21700
c4b2dbfed3cd1fe0dc1352a8748e724f8f0f47b7
c7de40cac97a43d051ff3f32130ae87f528ffc8c
c1b778e6fdc884b7e74dd8a5864731f8bdf8ef4c
97901ee4bec90572fea2d576bc54cc187af93852
997c2af5c3010822e2a3653e7fcfc6b8dd2065c1
09b3f38986ec21bfd37a165a6422ef98dac92974
fd6c2d52628808802c890c130e3f1d1e6a9c8f54

Remediation

Upgrade your operating system.
Don’t open files and links from unknown sources.
Install and run anti-virus scans.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert –Raccoon Infostealer – Active IOCs

Rewterz Threat Advisory –Multiple Microsoft Exchange Servers Security Vulnerabilities