
Rewterz Threat Alert – Bvp47 Backdoor Used in Targeting Pakistan – Active IOCs

Severity

High

Analysis Summary

In 2013, a research team extracted a set of advanced backdoors that used code obfuscation, TCP SYN packets, a self-destruction design, and system hiding.

Through further research, the researchers found that the multiple procedures and attack operation manuals disclosed by “The Shadow Broker” are completely consistent with the only identifier used in the NSA network attack platform operation manual exposed by CIA analyst Snowden in the “Prism” incident in 2013. – Researchers

The Shadow Brokers leak also revealed that the victims spanned 45 countries, including Pakistan, Italy, Japan, Russia, and Spain.


Impact

  • Information Theft and Espionage
  • Exposure of Sensitive Data

Indicators of Compromise

MD5

  • 58b6696496450f254b1423ea018716dc

SHA-256

  • 7989032a5a2baece889100c4cfeca81f1da1241ab47365dad89107e417ce7bac

SHA-1

  • ad0197db424b35314a479552875e18893a4ba95a

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
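One way to act on the second remediation item is a file-hash sweep of a directory tree against the three digests listed above. This is an added example, not Rewterz's own tooling; it assumes the root directory to scan is passed on the command line and that a hash match is only a starting point for triage.

```python
import hashlib
import os
import sys

# Indicators copied from the advisory above (one sample, three digest types).
BVP47_IOCS = {
    "md5": {"58b6696496450f254b1423ea018716dc"},
    "sha1": {"ad0197db424b35314a479552875e18893a4ba95a"},
    "sha256": {"7989032a5a2baece889100c4cfeca81f1da1241ab47365dad89107e417ce7bac"},
}


def digest_file(path, chunk_size=1 << 20):
    """Return {algo: hexdigest} for md5, sha1 and sha256, reading the file in chunks."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def sweep(root, iocs=BVP47_IOCS):
    """Walk `root` and return [(path, algo, digest)] for every regular file whose
    digest appears in `iocs`. Symlinks are skipped so the sweep cannot loop."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digests = digest_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the whole sweep
            for algo, value in digests.items():
                if value in iocs.get(algo, ()):
                    hits.append((path, algo, value))
    return hits


if __name__ == "__main__":
    # Hypothetical usage: python sweep.py /path/to/scan
    for path, algo, value in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"MATCH {algo} {value} {path}")
```

A match means a file with exactly this content is present; a renamed or recompiled variant will not hit, so pair the sweep with network and behavioural detection.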