Rewterz Threat Alert – APT Group Gamaredon

Rewterz Threat Alert – Kimsuky APT Group – Active IOCs

March 8, 2022

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

March 8, 2022

Rewterz Threat Alert – APT Group Gamaredon – Active IOCs

Severity

High

Analysis Summary

Gamaredon is a Russia-backed advanced persistent threat (APT) that has been operating since at least 2013. The main goal of this APT is to use the malicious document to gain control of the target machine. The exploit document uses the template injection technique to infect the victim’s computer with further malware. When the document is opened, it connects to the hacker’s server and downloads the payload file. Gamaredon’s tools are simple and designed to collect sensitive information from hacked systems and propagate it further. Its information-gathering efforts are nearly comparable to those of a second-tier APT, whose primary purpose is to collect and disseminate information with their units.

Impact

Template Injection
Exposure of Sensitive Data

Indicators of Compromise

Domain Name

descend91[.]gortisir[.]ru

Filename

7ZSfxMod_x86[.]exe

IP

80[.]78[.]251[.]33

MD5

9651c8d7fc951e1e02a0149c9d07ed88

SHA-256

fa26fe1eb2c25d4f104febdf0df061b0807e7f70eecf74c7583e72a7bd6c07bb

SHA-1

4512c9d2aeebc1e135f0be0ab3bb148b0421ab53

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.