Rewterz Threat Alert – Qakbot (Qbot) Malware – Active IOCs
March 1, 2022
Rewterz Threat Alert – APT Mustang Panda – Active IOCs – Russian-Ukrainian Cyber Warfare
March 1, 2022
Severity
High
Analysis Summary
The BITTER APT group (also tracked as T-APT-17) has recently been active against organisations in South Asia for information theft and espionage. The group has a history of targeting the energy, engineering and government sectors in the region, and spear-phishing email has been its primary initial access vector for years. A malicious document named PAC Advisory Committee Report.doc is suspected of having been used as an email attachment in this activity. Many earlier BITTER victims were compromised through a widely used Microsoft Office exploit that downloads and executes a RAT binary from an attacker-controlled website. The attack vector of the current sample is not yet known, but the sample indicates that the group is once again active in the South Asian region.
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- Delegation Visit Details March 2022[.]xlsx
MD5
- f45f45a5ee8b4d31188139c1976167b2
- 2454a5b5f7793d372c96fd572c1de2cc
SHA-256
- ec9e656a7ef5791cc4f86d17140dd012a5154cd83419669e43785b6370a00b70
- 90fd32f8f7b494331ab1429712b1735c3d864c8c8a2461a5ab67b05023821787
SHA-1
- 0a71ccacab3d5f66730791ecbe4e2030e8a21a89
- bcd7a2191af9ddb1bd627e36a55fc55680e36f51
URL
- http[:]//pns[.]org[.]pk/crt/xe
- http[:]//subscribe[.]tomcruefrshsvc[.]com/VcvNbtgRrPopqSD/SzWvcxuer/userlog[.]php?id=WORK&&user=admin&&OsI=
Remediation
- Block the listed URLs and domains at web proxy, DNS and perimeter firewall controls, and the listed file hashes at endpoint protection / EDR.
- Search for the IOCs in your environment: the domains and URLs in proxy, DNS and firewall logs, the attachment filename in mail gateway logs, and the MD5 / SHA-1 / SHA-256 hashes against endpoint file inventories.
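The following script is an added example of how the two remediation steps above can be carried out against local data; it is not code from Rewterz or from the alert. It refangs the indicators listed in this alert, sweeps log lines for the C2 domains and the attachment filename, and compares file digests against the hash list. The log lines embedded in it are constructed samples, not real telemetry, and the log format is an assumption: only the presence of the domain or filename in the line matters, so proxy, DNS, firewall and mail gateway exports all work.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the alert above, kept in the report's defanged form.
IOC_HASHES = {
    "md5": {
        "f45f45a5ee8b4d31188139c1976167b2",
        "2454a5b5f7793d372c96fd572c1de2cc",
    },
    "sha1": {
        "0a71ccacab3d5f66730791ecbe4e2030e8a21a89",
        "bcd7a2191af9ddb1bd627e36a55fc55680e36f51",
    },
    "sha256": {
        "ec9e656a7ef5791cc4f86d17140dd012a5154cd83419669e43785b6370a00b70",
        "90fd32f8f7b494331ab1429712b1735c3d864c8c8a2461a5ab67b05023821787",
    },
}
IOC_URLS_DEFANGED = [
    "http[:]//pns[.]org[.]pk/crt/xe",
    "http[:]//subscribe[.]tomcruefrshsvc[.]com/VcvNbtgRrPopqSD/SzWvcxuer/userlog[.]php?id=WORK&&user=admin&&OsI=",
]
IOC_FILENAMES_DEFANGED = ["Delegation Visit Details March 2022[.]xlsx"]


def refang(value):
    """Undo the defanging used in the alert ('[.]' and '[:]//'); 'hxxp' is
    handled too because other reports use it. The result can be compared
    against real log data."""
    return value.replace("hxxp", "http").replace("[:]//", "://").replace("[.]", ".")


IOC_URLS = [refang(u) for u in IOC_URLS_DEFANGED]
IOC_DOMAINS = sorted(urlsplit(u).hostname.lower() for u in IOC_URLS)
IOC_FILENAMES = [refang(f).lower() for f in IOC_FILENAMES_DEFANGED]

# The C2 host must appear as a whole label sequence: 'www.pns.org.pk' counts
# (a subdomain of the indicator), 'xpns.org.pk' does not.
_DOMAIN_PATTERNS = [
    re.compile(r"(?<![a-z0-9-])" + re.escape(d) + r"(?![a-z0-9-])") for d in IOC_DOMAINS
]


def match_log_line(line):
    """Return the indicators found in one log line (proxy, DNS, firewall or
    mail gateway); an empty list means the line is clean."""
    lower = line.lower()
    hits = [d for d, pat in zip(IOC_DOMAINS, _DOMAIN_PATTERNS) if pat.search(lower)]
    hits += [name for name in IOC_FILENAMES if name in lower]
    return hits


def sweep_logs(lines):
    """Return (line_index, hits) for every line that matched an indicator."""
    results = []
    for idx, line in enumerate(lines):
        hits = match_log_line(line)
        if hits:
            results.append((idx, hits))
    return results


def hash_file(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of a file in a single pass."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in digests.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def check_hashes(digests):
    """Return the set of (algorithm, digest) pairs that match a listed IOC."""
    return {
        (algo, value.lower())
        for algo, value in digests.items()
        if value.lower() in IOC_HASHES.get(algo, set())
    }


# Constructed sample log lines (not real telemetry) to exercise the sweep.
SAMPLE_LOG = [
    '2022-03-01T09:12:44Z 10.1.2.15 GET http://pns.org.pk/crt/xe 200 "Mozilla/4.0"',
    '2022-03-01T09:13:02Z 10.1.2.15 GET https://www.example.com/ 200 "Mozilla/4.0"',
    '2022-03-01T09:20:17Z 10.1.2.15 POST http://subscribe.tomcruefrshsvc.com/VcvNbtgRrPopqSD/SzWvcxuer/userlog.php?id=WORK&&user=admin&&OsI= 200 "-"',
    '2022-03-01T09:25:00Z mailgw from=external attachment="Delegation Visit Details March 2022.xlsx"',
    '2022-03-01T09:26:10Z dns query=xpns.org.pk type=A',
]

if __name__ == "__main__":
    for idx, hits in sweep_logs(SAMPLE_LOG):
        print(f"line {idx}: {', '.join(hits)}")
```

Run against exported logs with `sweep_logs(open(path).read().splitlines())`, and against a file tree by calling `check_hashes(hash_file(p))` for each path. The domain match deliberately accepts subdomains of the listed hosts but rejects look-alike hosts that merely contain the indicator as a substring, which keeps false positives down without missing infrastructure the alert covers.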