

Rewterz Threat Advisory – Multiple Intel Trace Analyzer and Collector Vulnerabilities
February 11, 2022
Rewterz Threat Advisory – CVE-2022-24086 – Adobe Commerce and Magento Open Source Vulnerability
February 14, 2022
Severity
High
Analysis Summary
The BITTER APT group (also tracked as T-APT-17) has recently been active again, targeting organizations in South Asia for information theft and espionage. The group has a history of targeting the energy, engineering and government sectors in the region, and spear-phishing email has been its primary initial access vector for years. The malicious file suspected of being used as the attachment in this campaign is named PAC Advisory Committee Report.doc; the indicators below also list a compiled HTML Help (.chm) file. Many BITTER victims have been compromised through a widely exploited Microsoft Office vulnerability that is used to download and execute a RAT binary from an attacker-controlled website. Although the attack vector of this particular sample is not yet known, it indicates renewed BITTER activity in the South Asian region.
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- List of participants for Ops training[.]chm
MD5
- 1d7d9b2c46bd733f5270d34c4dd748e9
SHA-256
- e8b7fffa0a2d8a2051c3272bfaefffe7174707756cb8469c0f985bfa03fce476
SHA-1
- 2edbcd15a28442e2a67492ea75c6583a90798f51
URL
- http[:]//myprivatehostsvc[.]com/assets/js[.]php?h=HostName*UserName
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
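The script below is an added hunting example written for this advisory; it is not Rewterz's tooling and not part of the original page. It checks files against the listed filename and hashes, and checks proxied URLs against the listed domain and against the beacon shape of the listed URL, where the h parameter carries HostName*UserName. Treating that "host*user" shape on any /assets/js.php path as suspicious, regardless of domain, is an assumption made here so that a re-hosted check-in URL is still caught; the proxy log lines and their "timestamp client method url" layout are constructed for the example.

```python
import hashlib
import re
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

# Indicators copied from the advisory above (de-fanged brackets removed).
IOC_HASHES = {
    "md5": "1d7d9b2c46bd733f5270d34c4dd748e9",
    "sha1": "2edbcd15a28442e2a67492ea75c6583a90798f51",
    "sha256": "e8b7fffa0a2d8a2051c3272bfaefffe7174707756cb8469c0f985bfa03fce476",
}
IOC_FILENAME = "List of participants for Ops training.chm"
IOC_DOMAIN = "myprivatehostsvc.com"

# The listed URL sends HostName*UserName in the "h" parameter. Assumption for
# this example: the same beacon format may appear on other hosts, so the shape
# "<something>*<something>" is matched on any /assets/js.php request.
BEACON_RE = re.compile(r"^[^*]+\*[^*]+$")
HASH_NAMES = ("md5", "sha1", "sha256")


def digest_bytes(data: bytes) -> dict:
    """md5/sha1/sha256 hex digests of an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_NAMES}


def digest_file(path) -> dict:
    """md5/sha1/sha256 hex digests of a file, read in 1 MiB chunks."""
    hashers = {name: hashlib.new(name) for name in HASH_NAMES}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_indicators(filename: str, digests: dict) -> list:
    """Reasons (filename, md5, sha1, sha256) why a file matches; [] if clean."""
    reasons = []
    if filename.lower() == IOC_FILENAME.lower():
        reasons.append("filename")
    for name, value in IOC_HASHES.items():
        if digests.get(name) == value:
            reasons.append(name)
    return reasons


def match_file(path) -> list:
    """Hash a file on disk and check its name and digests against the IOCs."""
    p = Path(path)
    return match_indicators(p.name, digest_file(p))


def match_url(url: str) -> list:
    """Reasons (domain, beacon-pattern) why a proxied URL matches; [] if clean."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == IOC_DOMAIN or host.endswith("." + IOC_DOMAIN):
        reasons.append("domain")
    if parts.path.endswith("/assets/js.php"):
        # parse_qs keeps the literal "*" separator the advisory's URL uses.
        for value in parse_qs(parts.query).get("h", []):
            if BEACON_RE.match(value):
                reasons.append("beacon-pattern")
                break
    return reasons


def scan_proxy_log(lines) -> list:
    """Return (line_no, url, reasons) for each matching line.
    Assumed (constructed) line layout: '<timestamp> <client> <method> <url>'."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or truncated line; skip rather than crash
        reasons = match_url(fields[3])
        if reasons:
            hits.append((n, fields[3], reasons))
    return hits


# Constructed sample proxy log for the example (not real traffic).
SAMPLE_PROXY_LOG = [
    "2022-02-14T09:12:01Z 10.0.4.21 GET http://www.example.com/index.html",
    "2022-02-14T09:12:07Z 10.0.4.21 GET http://myprivatehostsvc.com/assets/js.php?h=WS-FIN-07*jdoe",
    "2022-02-14T09:13:44Z 10.0.4.33 GET http://cdn.example.net/assets/js.php?h=LAPTOP-22*asmith",
    "2022-02-14T09:14:02Z 10.0.4.33 GET http://cdn.example.net/assets/js.php?h=abc",
]

if __name__ == "__main__":
    for line_no, url, reasons in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"line {line_no}: {url} -> {', '.join(reasons)}")
```

Run the file as-is to see the two sample hits (the listed domain, and a re-hosted URL that only matches on the beacon shape), or call match_file on a quarantined attachment. A "beacon-pattern"-only hit is a lead to triage, not proof of compromise, since the shape is deliberately loose.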