Security Operations Team

Downloading Patches from Russia? Get more than you bargained for!


If you're downloading patches for Meltdown and Spectre, you may want to make sure you're not installing them from the 4 servers listed below. It appears as though Russians are using the vulnerability to bundle "patches" that include the infamous Smoke Loader.

IBM X-Force first reported this earlier today, and the Jigsaw Security team further enriched the content to provide more context. In short, if you're downloading patches, make sure you're getting them from your trusted vendors. US-CERT put out recommendations earlier today which list where you can get reputable patches for fixing these vulnerabilities. So far only the Meltdown vulnerability has been patched by most vendors. The Spectre vulnerability may take some time while hardware vendors come up with BIOS patches and other solutions to the issue. As we said earlier, it's nearly impossible to patch 100% of a hardware issue with software.

Indicators of Compromise:

10bestwatches[.]com
20ml[.]bid
20ml[.]biz
20ml[.]club
20ml[.]info
213.163.64[.]53
24roadside[.]help
2tracks[.]club
7hours[.]biz
7t30fw0t3t[.]accountant
abelcopy[.]com
adbetclickin[.]pink
addgoogleonline[.]com
admiralavtomatyy[.]com
adobeflashplayerupdate[.]online
adobelabs[.]org
adolforodriguezsaa2015[.]com
agile-transport-services[.]com
akamaito[.]net
akpprosto[.]net
aliaslonga[.]info
alpitrack[.]com
ambien10mg[.]org
androidupdatesystem[.]com
anmartech[.]com
antibioticstore[.]online
anvarovich[.]com
apotheken-umleitung[.]biz
appleipanel[.]com
areanet[.]ru
armyofplayers[.]com
coolwater-ltd-supportid[.]ru
localprivat-support[.]ru
service-consultingavarage[.]ru
sicherheit-informationstechnik[.]bid

Checksum for Fake Patch:

cd17ce11df9de507af025ef46398cfdcb99d3904b2b5718bff2dc0b01aeae38c
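The indicators above are published defanged (`[.]` in place of `.`), so they cannot be matched against logs or file hashes as-is. The following script is an added example written for this post, not tooling from Jigsaw Security or IBM X-Force: it refangs a subset of the listed indicators, sweeps constructed sample proxy log lines for destinations that match a listed domain (or a subdomain of one) or the listed IP, and compares a file's digest with the published checksum. The checksum is 64 hex characters, so it is treated as SHA-256; the post does not name the algorithm, and that is an assumption. The log format and the `refang`, `find_ioc_hits` and `matches_fake_patch` names are this example's own.

```python
import hashlib
import re
from typing import List, Set, Tuple

# Subset of the defanged indicators published in the post.
# Extend this list with the remaining entries from the advisory.
DEFANGED_IOCS = """
adobeflashplayerupdate[.]online
androidupdatesystem[.]com
coolwater-ltd-supportid[.]ru
localprivat-support[.]ru
service-consultingavarage[.]ru
sicherheit-informationstechnik[.]bid
213.163.64[.]53
""".split()

# Checksum published for the fake patch. It is 64 hex characters, so it is
# treated here as SHA-256 (assumption: the post does not name the algorithm).
FAKE_PATCH_HASH = "cd17ce11df9de507af025ef46398cfdcb99d3904b2b5718bff2dc0b01aeae38c"


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('example[.]com') back into its real form."""
    return indicator.replace("[.]", ".").strip().lower()


def build_ioc_set(defanged: List[str]) -> Set[str]:
    """Refang every published indicator into a lookup set."""
    return {refang(i) for i in defanged}


def is_ioc_host(host: str, iocs: Set[str]) -> bool:
    """Match exactly, or as a subdomain of a listed domain.

    The suffix test requires a leading '.', so 'notioc-evil.ru' does not
    match a listed 'evil.ru' (a common false-positive when using endswith
    on the bare domain).
    """
    host = host.lower().rstrip(".")
    if host in iocs:
        return True
    return any(host.endswith("." + d) for d in iocs)


# Constructed sample proxy log lines (not real traffic); the field layout
# is this example's own.
SAMPLE_LOG = """\
2018-01-05T10:12:01Z client=10.0.0.15 dst=update.adobeflashplayerupdate.online method=GET path=/patch.exe
2018-01-05T10:12:07Z client=10.0.0.15 dst=www.microsoft.com method=GET path=/download/
2018-01-05T10:13:44Z client=10.0.0.22 dst=213.163.64.53 method=GET path=/smoke.bin
2018-01-05T10:14:02Z client=10.0.0.31 dst=notioc-service-consultingavarage.ru method=GET path=/
"""

CLIENT_RE = re.compile(r"\bclient=(\S+)")
DST_RE = re.compile(r"\bdst=(\S+)")


def find_ioc_hits(log_text: str, iocs: Set[str]) -> List[Tuple[str, str]]:
    """Return (client, destination) pairs whose destination matches an IoC."""
    hits = []
    for line in log_text.splitlines():
        client = CLIENT_RE.search(line)
        dst = DST_RE.search(line)
        if not client or not dst:
            continue  # malformed line: skip rather than crash the sweep
        if is_ioc_host(dst.group(1), iocs):
            hits.append((client.group(1), dst.group(1)))
    return hits


def sha256_of_bytes(data: bytes) -> str:
    """Hex SHA-256 digest of in-memory file contents."""
    return hashlib.sha256(data).hexdigest()


def matches_fake_patch(data: bytes) -> bool:
    """True when the file's digest equals the published fake-patch checksum."""
    return sha256_of_bytes(data) == FAKE_PATCH_HASH


if __name__ == "__main__":
    iocs = build_ioc_set(DEFANGED_IOCS)
    for client, dst in find_ioc_hits(SAMPLE_LOG, iocs):
        print(f"IOC hit: {client} -> {dst}")
    # Constructed placeholder bytes stand in for a downloaded "patch".
    sample_download = b"constructed sample, not the real file"
    print("matches fake patch:", matches_fake_patch(sample_download))
```

Run it against a real export by replacing `SAMPLE_LOG` with the proxy or DNS log text and `sample_download` with the bytes of the file a user fetched; a hash match is a definite hit, while a host match is a lead to investigate, since the list includes shared infrastructure such as the IP address.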

Link to US-CERT Guidance:
