This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

The Sandworm Team and You

RSAAdmin
Beginner
Beginner

‎2014-10-14 08:24 PM

iSIGHT Partners released a report today outlining the exploitation of the 0-day vulnerability contained in CVE-2014-4114 by a threat
actor team they have dubbed “The Sandworm Team”. Believed to originate in Russia, their targets have included N.A.T.O, energy and telecommunications firms, as well as several European countries and US educational institutions.

 

Their common modus operandi is the use of spear phishing, luring users to open weaponized Powerpoint files that install one of the many BlackEnergy malware variants.

 

RSA has updated our 3rd party IOC feed to contain the IP addresses of the control servers being utilized by the Sandworm Team. Customers subscribing to the  "Third Party IOC IPs" feed can perform the following pivot within Security Analytics to identify potentially compromised servers:

 

threat.desc begins “sandworm team”

Happy Hunting!

0 Likes
1 REPLY 1

Anonymous
Not applicable

‎2014-10-16 10:01 AM

Nice job on the quick turnaround Scott.  Have any of the Community members had success with this parser?  FYI there is also a thread on POODLE on the Community here https://community.emc.com/thread/200930

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.