

Rewterz Threat Advisory – Multiple Apache Jena and HTTP Server Vulnerabilities
September 17, 2021
Rewterz Threat Alert – APT MustangPanda – Active IOCs
September 17, 2021
Severity
High
Analysis Summary
The APT-17 group, also known as the BITTER APT group, has recently been active, targeting sectors in South Asia for information theft and espionage. The group has a history of targeting the energy, engineering, and government sectors in South Asia. Spear-phishing emails have been its main means of reaching victims, and it has relied on them for years. Many BITTER victims have been compromised through a relatively popular Microsoft Office exploit that downloads and executes a RAT binary from a website. Although the attack vector of this sample is still unknown, the sample indicates the group's renewed presence in the South Asian region.
Impact
- Information Theft and Espionage
Indicators of Compromise
File Name
- Advisory-30[.]doc
MD5
- 331b1c0e1e67438a5491cb827731b7d3
SHA-256
- a169156b0d307ca978d722cafbd3bc1d04c94e55f71bc9d16ba6fabb8140be83
SHA-1
- 776f4d5c2291e73b302be9791cadac9c88555821
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
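One way to carry out the IOC search on a file share or endpoint, as an added example that is not part of the Rewterz advisory: it hashes each file once with all three algorithms and reports matches against the file name and hashes listed above. The function names `file_digests` and `sweep` are illustrative.

```python
import hashlib
import os

# IOCs copied from this advisory (file name refanged from "Advisory-30[.]doc").
IOC_NAMES = {"advisory-30.doc"}
IOC_HASHES = {
    "md5": {"331b1c0e1e67438a5491cb827731b7d3"},
    "sha1": {"776f4d5c2291e73b302be9791cadac9c88555821"},
    "sha256": {"a169156b0d307ca978d722cafbd3bc1d04c94e55f71bc9d16ba6fabb8140be83"},
}

def file_digests(path, algos=("md5", "sha1", "sha256"), chunk=1 << 20):
    """Hash a file once, feeding every algorithm from the same read."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}

def sweep(root, names=IOC_NAMES, hashes=IOC_HASHES):
    """Return (path, reason) hits under root. A hash hit is a confirmed
    match; a name-only hit is a weak lead that needs manual triage."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, sockets, devices
            try:
                digests = file_digests(path)
            except OSError:
                digests = {}  # unreadable or locked: fall back to name check
            matched = [a for a, d in digests.items() if d in hashes.get(a, ())]
            if matched:
                hits.append((path, "hash:" + ",".join(matched)))
            elif fname.lower() in names:
                hits.append((path, "name-only"))
    return hits

if __name__ == "__main__":
    import sys
    for path, reason in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}\t{path}")
```

A renamed copy of the document still matches on hash, while a `name-only` hit means a file carries the advisory's file name but different content.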