February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – LokiBot Malware – Active IOCs
August 23, 2022Rewterz Threat Alert – Remcos RAT – Active IOCs
August 23, 2022Rewterz Threat Alert – LokiBot Malware – Active IOCs
August 23, 2022Rewterz Threat Alert – Remcos RAT – Active IOCs
August 23, 2022
Severity
High
Analysis Summary
APT29 aka Nobelium and Cozy Bear are the group which were behind the infamous Solar Wind attacks in 2020. APT29 threat group has previously targeted commercial entities and government organizations in Germany, Uzbekistan, South Korea and the US, including the US State Department and the White House in 2014. They have also targeted several vaccine manufacturers in attempt to sabotage the process to combat the Coronavirus pandemic. This time they’ve come up with a current campaign to target government organizations in attempt to steal sensitive information.
Impact
- Information Theft and Espionage
- Exposure of Sensitive Data
Indicators of Compromise
MD5
c638a507d95fdbb0532a7b5befc45947
SHA-256
- bac5c5053099e2be39634a2f4313db96952d208c3645444e817675aa01c2cac6
SHA-1
- cc0df3e23cb92a827ac2cd7492809d97127f51d6
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment