February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Gamaredon Attacking Ukraine – Active IOCs
February 8, 2022Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities
February 9, 2022Rewterz Threat Alert – Gamaredon Attacking Ukraine – Active IOCs
February 8, 2022Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities
February 9, 2022
Severity
High
Analysis Summary
APT-17 group aka BITTER APT group has been recently active and targeting sectors in South Asia for information theft and espionage. This group has a history of targeting Energy, Engineering, Government in South Asia. Spear phishing emails have been the main strike force to target their victims and they’ve been doing it for years now. Many BITTER victims have been exploited through relatively popular Microsoft Office exploit, in order to download and execute a RAT binary from a website. Although the attack vector of this sample remains unknown of yet, this is an indication of their presence again in the South Asian region.
Impact
- Information Theft and Espionage
Indicators of Compromise
MD5
- 56345a64586540c26e16881fdddbbbf9
SHA-256
- 9ffb493665283e1229fc5ecaa08b8f80a711a751fe36e25789305ab22330b148
SHA-1
- 930e99d29e3d1a8173acf1c28fd108559b1b52e2
Remediation
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.