Rewterz Threat Alert – Ryuk Ransomware – Active IOCs
August 16, 2022
Rewterz Threat Alert – Remcos RAT – Active IOCs
August 16, 2022
Severity
High
Analysis Summary
DangerousPassword is a Chinese APT group that targets cryptocurrency companies. First observed in 2018, the group uses decoy files with topics such as “job description”, “project risk profile” and “monthly business report”. Operating a large number of domain names, DangerousPassword delivers these decoy files to organizations in Asia and Europe. The group uses phishing emails to deliver Trojan files that impersonate Google, Microsoft and other servers. Once a file is opened, its embedded macros execute and launch the attack.
Impact
- Information Theft and Espionage
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.