Rewterz

Rewterz Threat Advisory – CVE-2019-12713 – Cisco Prime Infrastructure Cross-Site Scripting Vulnerability

January 14, 2020
Rewterz

Rewterz Threat Alert – APT27 ZxShell RootKit – IOC’s

January 14, 2020

Rewterz Threat Alert – LNK files Targeting Maldives Government

Severity

High

Analysis Summary

A LNK file that targets the Maldives ministry of foreign affairs. The LNK is set to download and execute an HTA file. This is an active campaign going on against Maldives govt with it’s motive still unknown.

Impact

Exposure of sensitive information

Indicators of Compromise

MD5

  • dc7b7eb1a9312890bfd8371e51508d00
  • 00648c4a077de9608e387164af4b392d

SHA-256

  • d928aae8fb1b678be629a3f1bf1ae1accd54a21b25a6f4d8ecf4641cbd4eacf2
  • 6616bd8b0919ad2460d5ebd78e7769e03bd21d7c3fdc1c08f537e92c01015721

SHA1

  • 08eb7aadd30b782ff6cbf60df23885908f7c4074
  • 6d2d29ad5113752eb55921079f5cf54a10d5f9ac

URL

  • http[:]//ncit-gov[.]sytes[.]net/image_error[.]hta
  • http[:]//foreign-mv[.]sytes[.]net/inauguration_[.]hta
  • http[:]//foreign-mv[.]sytes[.]net/command_centre_[.]hta
  • http[:]//foreign-mv[.]sytes[.]net/Command_Centre_[.]hta
  • http[:]//domain-lk[.]sytes[.]net/pdf_password[.]hta
  • http[:]//domain-lk[.]sytes[.]net/pdf_error[.]hta
  • http[:]//domain-lk[.]sytes[.]net/password[.]hta
  • http[:]//domain-lk[.]sytes[.]net/mndf[.]hta
  • http[:]//domain-lk[.]sytes[.]net/leaked_tender_documents[.]hta
  • http[:]//domain-lk[.]sytes[.]net/inauguration[.]hta
  • http[:]//domain-lk[.]sytes[.]net/command_centre[.]hta
  • http[:]//domain-lk[.]sytes[.]net/Pdf_Error[.]hta

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.