
Rewterz Threat Alert – DangerousPassword APT Group – Active IOCs

Severity

High

Analysis Summary

DangerousPassword is a Chinese APT group that targets cryptocurrency companies. First identified in 2018, the threat group uses decoy files with topics such as “job description”, “project risk profile” and “monthly business report”. Operating from a large number of domain names, DangerousPassword sends these decoy files to organizations in Asia and Europe. The group uses phishing emails to deliver Trojan files that impersonate Google, Microsoft and other legitimate servers. Once the files are opened, embedded macros run and launch the attack.

Impact

  • Information Theft and Espionage

Indicators of Compromise

Filename

  • Multicoin Capital Opportunities[.]pdf

MD5

  • 7a81e115e8d7186250ae57d675a12899

SHA-256

  • e9894893a8a1f74d7d6a8768dda9ef5ddaf8aac18634a1110e9a79652c9f13ee

SHA-1

  • 8136c3d4b273f4adea5d3005bf6afbae2cba2b29

Remediation

  • Search for IOCs in your environment.
  • Block all threat indicators at your respective controls.
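One way to carry out the first remediation step, as an added example that is not part of the Rewterz alert: a small Python scanner that walks a directory tree, hashes each file once with MD5, SHA-1 and SHA-256, and reports any file whose hash or name matches the indicators listed above. The `demo()` tree and every file in it are constructed for illustration; the hash-only hit uses the digest of a constructed file added to a local copy of the IOC set, not a real sample.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# IOCs from the alert above: hashes by algorithm, and the decoy filename (refanged, lower-cased).
IOC_HASHES = {
    "md5": {"7a81e115e8d7186250ae57d675a12899"},
    "sha1": {"8136c3d4b273f4adea5d3005bf6afbae2cba2b29"},
    "sha256": {"e9894893a8a1f74d7d6a8768dda9ef5ddaf8aac18634a1110e9a79652c9f13ee"},
}
IOC_FILENAMES = {"multicoin capital opportunities.pdf"}

def match_file(path, hashes=IOC_HASHES, filenames=IOC_FILENAMES):
    """Return the IOC fields a file matches ("filename", "md5", "sha1", "sha256"); [] if clean."""
    reasons = ["filename"] if Path(path).name.lower() in filenames else []
    hashers = {algo: hashlib.new(algo) for algo in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:  # single pass in 1 MiB chunks, so large files are not read into memory
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    reasons += [algo for algo, h in hashers.items() if h.hexdigest() in hashes.get(algo, ())]
    return reasons

def scan_tree(root, hashes=IOC_HASHES, filenames=IOC_FILENAMES):
    """Walk a directory tree and map each matching file path to its match reasons."""
    hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                reasons = match_file(path, hashes, filenames)
            except OSError:  # unreadable or vanished file: skip it rather than abort the scan
                continue
            if reasons:
                hits[path] = reasons
    return hits

def demo():
    """Scan a constructed temp tree: a file named like the decoy, a benign file, and a file
    whose SHA-256 is added to a local copy of the IOC set to show a hash-only hit (all constructed)."""
    root = Path(tempfile.mkdtemp(prefix="ioc_demo_"))
    (root / "Multicoin Capital Opportunities.pdf").write_bytes(b"%PDF-1.4 constructed sample\n")
    (root / "notes.txt").write_bytes(b"benign constructed file\n")
    renamed = root / "renamed.bin"
    renamed.write_bytes(b"constructed sample bytes, not the real decoy")
    local_hashes = {algo: set(vals) for algo, vals in IOC_HASHES.items()}
    local_hashes["sha256"].add(hashlib.sha256(renamed.read_bytes()).hexdigest())
    return scan_tree(root, local_hashes)
```

In production, point `scan_tree` at user profile, download and mail attachment directories and feed the returned paths to your incident tracking; the filename match catches renamed-but-still-named decoys while the hash match catches renamed files.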