Rewterz Threat Alert – APT C-35 Active In the Southeast Asian Region
January 11, 2021

Rewterz Threat Alert – APT C-35 (Donot Team)

Severity

High

Analysis Summary

APT C-35, also known as the Donot Team, has been actively dropping malicious documents that use template injection. The group has a history of attacking Pakistani government officials and military personnel and has been linked to India. It previously targeted Pakistani Android users with malware named StealJob, delivered through phishing under the name "Kashmiri Voice". The attackers hunt for confidential information and intellectual property. Their targets include countries in South Asia, in particular the state sector of Pakistan.

Impact

  • Credential theft
  • Exposure of sensitive data 

Indicators of Compromise

Filename

Procurement Details[.]docx

MD5

79b09a28e122177ba7c0e8bb77011295

SHA-256

2e9acc12fac84e54afabf2f10377fc3a01ecc786332575e40ab39b03ae330d4d

SHA1

e46529af71c3efc2488985cc5f05098dcd92eca5

URL

hxxp[:]//securecon[.]top/KB8XP/178P

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.