Rewterz

Rewterz Threat Advisory – CVE-2021-1431 – Cisco IOS XE SD-WAN Software vDaemon Denial of Service Vulnerability

March 25, 2021
Rewterz

Rewterz Threat Advisory – CVE-2021-1423 – Cisco Aironet Access Points security bypass

March 25, 2021

Rewterz Threat Alert – APT-C-23 aka AridViper Active IOCs

Severity

High

Analysis Summary

APT C-23 also known as AridViper and Desert Falcon has resurfaced with a malicious documents targeting victims about the sensitivity of the never ending conflict between Israel and Palestine. The group’s discovery came around March 2017 with their main targets emerged as Middle East. The group has previously faked an android app to deploy Android/SpyC23.A mainly for spying, including reading notifications from messaging apps, call recording and screen recording, and with new stealth features, such as dismissing notifications from built-in Android security apps.

Image

Impact

Information theft and espionage

Indicators of Compromise

Filename

  • The position of the president and the leadership on the elections and the corresponding proposals for the decrees[.]001

MD5

  • 335e604a7c3866b3fad6e8ee6989ddb9

SHA-256

  • b6ed0833d4a19d2eca5f6f856c595d5329532ff116163047ed4e3a27c9f8bd69

SHA1

  • f22f013a2b37017c9a5bd0470615b4b8503d6bce

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.