Rewterz Threat Advisory – CVE-2021-23348 – Node.js portprocesses module command execution

April 1, 2021

Rewterz Threat Advisory – Citrix Hypervisor Security Update

April 1, 2021

Rewterz Threat Alert – Russian APT Gamaredon Using Template Injection

April 1, 2021

Severity

High

Analysis Summary

Gamaredon, the Russia-backed advanced persistent threat (APT) threat actor that has been active since at least 2013 has reinforced its cyber warfare activities a new surge of Gamaredon APT attacks targeting users with template injection of malicious documents. Attacker main target is to get control of the target system using the malicious document.The exploit document employs the template injection technique to install
additional malware on the victim’s machine. Upon opening the document, it connects back to the hacker’s server to download the payload file.

Impact

Template injection

Indicators of Compromise

MD5

4b8ba14bd7599c58683cafd49387649d

SHA-256

775ffa9f9ae3b9b07b368f38161d0a81d54d801f4ccb39e6957d1b3dfa2bf0c1

SHA1

2abf1faad07847db82f539804c17a0844014b283

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

GitHub Tools Deployed in CrazyHunter Ransomware Campaigns – Active IOCs

North Korean APT Kimsuky aka Black Banshee – Active IOCs

Sophisticated BPFDoor Malware Detected Targeting Linux Systems – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – CVE-2021-23348 – Node.js portprocesses module command execution

Rewterz Threat Advisory – Citrix Hypervisor Security Update

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.