March 11, 2025

March 11, 2025

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

March 11, 2025

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Proactive Defense: The Importance of Incident Response Planning in Cybersecurity

Rewterz Threat Advisory – ICS: Schneider Electric EcoStruxure Power Build-Rapsody

February 19, 2021

Rewterz Threat Alert – Trickbot – IOCs

February 19, 2021

Rewterz Threat Alert – Bitter APT Group – IOCs

February 19, 2021

Severity

High

Analysis Summary

APT-17 group aka BITTER APT group has been recently active and targeting sectors in South Asia for information theft and espionage. This group has a history of targeting Energy, Engineering, Government in South Asia. Spear phishing emails have been the main strike force to target their victims and they’ve been doing it for years now. Many BITTER victims have been exploited through relatively popular Microsoft Office exploit, CVE-2012-0158, in order to download and execute a RAT binary from a website. Although the attack vector of this sample remains unknown of yet, but this is an indication of their presence again in the South Asian region.

Impact

Information theft and espionage

Indicators of Compromise

Filename

CICP Z9 Letter dated December 2020[.]exe

MD5

3f45d49bdb6afceb670978cf98f5c2be

SHA-256

7b64a739836c6b436c179eac37c446fee5ba5abc6c96206cf8e454744a0cd5f2

SHA1

81f6de303c0e9279744bb1a00e70ea62428bf28e

URL

http[:]//82[.]221[.]136[.]27/RguhsT/accept[.]php

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – ICS: Schneider Electric EcoStruxure Power Build-Rapsody

Rewterz Threat Alert – Trickbot – IOCs