February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2021-34527 – Microsoft Windows Code Execution
July 3, 2021Rewterz Threat Alert – REvil Ransomware Supply Chain Attack – Active IOCs
July 5, 2021Rewterz Threat Advisory – CVE-2021-34527 – Microsoft Windows Code Execution
July 3, 2021Rewterz Threat Alert – REvil Ransomware Supply Chain Attack – Active IOCs
July 5, 2021
Severity
High
Analysis Summary
Gamaredon, the Russia-backed advanced persistent threat (APT) threat actor that has been active since at least 2013 has reinforced its cyber warfare activities a new surge of Gamaredon APT attacks targeting users with template injection of malicious documents. The attacker main target is to get control of the target system using the malicious document.The exploit document employs the template injection technique to install additional malware on the victim’s machine. Upon opening the document, it connects back to the hacker’s server to download the payload file.
Impact
- Template injection
- Exposure of sensitive data
Indicators of Compromise
Filename
- заявление для члена[.]doc
MD5
- a0b9cc8592c9013954707ddef5cd9a9d
SHA-256
- ad629e0471af6f47fdb2aa6008c03b5a854de3a4d0f7e69d3ad99933be06dbfd
SHA1
- 4ff0dca24a82cc1fdd1e967ed3967b5b0350b83e
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.