Rewterz Threat Alert – APT10 MenuPass – Active IOCs

Severity

High

Analysis Summary

MenuPass (also tracked as APT10) is a threat group that has been active since at least 2006. Individual members of MenuPass are known to have acted in association with the Chinese Ministry of State Security's (MSS) Tianjin State Security Bureau and to have worked for the Huaying Haitai Science and Technology Development Company. MenuPass has targeted the healthcare, defense, aerospace, finance, maritime, biotechnology, energy, and government sectors globally, with an emphasis on Japanese organizations. In 2016 and 2017 the group targeted managed IT service providers (MSPs), manufacturing and mining companies, and a university.

Impact

  • Data Encryption

Indicators of Compromise

Filename

  • active_desktop_render[.]dll

MD5

  • 3a4b6d3685ddbcc18d607cd7a4c2844e
  • 957af740e1d88fabdaf73bd619cb3d31

SHA-256

  • c0ad7298face0d194adc166bba14e77c30ce9eba2a931f79d022ec0afe3ef248
  • ed834722111782b2931e36cfa51b38852c813e3d7a4d16717f59c1d037b62291

SHA1

  • 0b57a740ff9b27ceea7d062e132cc9e3da562beb
  • a43002aed315f1f52d7628009438d685a2e361b3

Remediation

  • Block the indicators listed above at your respective security controls.
  • Search for these IOCs across your environment. Hash indicators are exact-match only and will not catch a recompiled or repacked sample; a filename match on its own is weak evidence and should be triaged rather than treated as a verdict.
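The two remediation steps above amount to a sweep for file-based indicators. The script below is an added example written for this page, not Rewterz tooling: it walks a directory tree, re-fangs the defanged filename, hashes each file once with all three algorithms used in the advisory, and records which indicator type fired for every hit so that filename-only hits can be triaged separately from hash hits. The indicator values are the ones listed above; the scan root and the sample file layout used when exercising it are assumptions.

```python
"""Sweep a directory tree for the file-based IOCs in this advisory.

Added example, not Rewterz tooling. Indicator values are copied from the
advisory; the scan root is whatever the caller passes in.
"""
import hashlib
import sys
from pathlib import Path
from typing import Dict, List, Set

# Indicators copied from the advisory. The filename is kept defanged
# ("[.]") exactly as published and re-fanged before comparison.
FILENAME_IOCS: Set[str] = {"active_desktop_render[.]dll"}
HASH_IOCS: Dict[str, Set[str]] = {
    "md5": {
        "3a4b6d3685ddbcc18d607cd7a4c2844e",
        "957af740e1d88fabdaf73bd619cb3d31",
    },
    "sha1": {
        "0b57a740ff9b27ceea7d062e132cc9e3da562beb",
        "a43002aed315f1f52d7628009438d685a2e361b3",
    },
    "sha256": {
        "c0ad7298face0d194adc166bba14e77c30ce9eba2a931f79d022ec0afe3ef248",
        "ed834722111782b2931e36cfa51b38852c813e3d7a4d16717f59c1d037b62291",
    },
}


def refang(indicator: str) -> str:
    """Undo the usual advisory defanging: "[.]" stands for ".".  """
    return indicator.replace("[.]", ".")


def file_hashes(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute MD5, SHA-1 and SHA-256 of a file in a single read pass."""
    digests = {
        "md5": hashlib.md5(),
        "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(),
    }
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def scan_tree(
    root,
    filename_iocs: Set[str] = FILENAME_IOCS,
    hash_iocs: Dict[str, Set[str]] = HASH_IOCS,
) -> List[Dict[str, str]]:
    """Walk `root` and report every file whose name or hash is an IOC.

    Each hit records which indicator type matched ("filename", "md5",
    "sha1" or "sha256"). Filename comparison is case-insensitive because
    the indicator is a Windows DLL name.
    """
    names = {refang(name).lower() for name in filename_iocs}
    hits: List[Dict[str, str]] = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name.lower() in names:
            hits.append({"path": str(path), "type": "filename", "value": path.name})
        try:
            digests = file_hashes(path)
        except OSError:
            # Unreadable (permissions, file locked): skip; log it in production.
            continue
        for algo, value in digests.items():
            if value in hash_iocs.get(algo, set()):
                hits.append({"path": str(path), "type": algo, "value": value})
    return hits


if __name__ == "__main__":
    # Usage: python ioc_sweep.py <directory>   (defaults to the current directory)
    for hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{hit['type']:8} {hit['value']}  {hit['path']}")
```

Hashing every file once for all three algorithms keeps the sweep to a single read per file, which matters on large file servers. Because the IOC sets are parameters, the same function can be fed a broader indicator list later without changing the matching logic.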