February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – WannaCry Ransomware – Active IOCs
September 20, 2021Rewterz Threat Alert – Donot APT Group – Active IOCs
September 21, 2021Rewterz Threat Alert – WannaCry Ransomware – Active IOCs
September 20, 2021Rewterz Threat Alert – Donot APT Group – Active IOCs
September 21, 2021
Severity
High
Analysis Summary
APT-17 group aka BITTER APT group has been recently active and targeting sectors in South Asia for information theft and espionage. This group has a history of targeting Energy, Engineering, Government in South Asia. Spear phishing emails have been the main strike force to target their victims and they’ve been doing it for years now. Many BITTER victims have been exploited through relatively popular Microsoft Office exploit, in order to download and execute a RAT binary from a website. Although the attack vector of this sample remains unknown of yet, but this is an indication of their presence again in the South Asian region
Impact
- Information Theft and Espionage
Indicators of Compromise
File Name
- 1609010242134-Letter_toISI_13-09-2021[.]doc
MD5
- be9bd8ed8a4c052be5cedb0266f50c0d
SHA-256
- 3e2b72c3769b7e2ddc57326e0fbad1e182a18bd20a081361b1ad98e5cf4da0d1
SHA-1
- 88758b75990f566f5c099fc23a6c9ade1ce90bd9
URL
- hxxps[:]//olmajhnservice[.]com/nt[.]php/?dt=%computername%-EX-1&ct=1
Remediation
- Block all threat indicators all your respective controls.
- Search for IOCs in your environment