March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – Multiple NVIDIA vGPU Vulnerabilities
August 9, 2022Rewterz Threat Alert – STOP/DJVU Ransomware – Active IOCs
August 10, 2022Rewterz Threat Advisory – Multiple NVIDIA vGPU Vulnerabilities
August 9, 2022Rewterz Threat Alert – STOP/DJVU Ransomware – Active IOCs
August 10, 2022
Severity
High
Analysis Summary
DangerousPassword is a Chinese APT group that targets cryptocurrency companies. Found in 2018, the threat group uses decoy files with topics like “job description”, “project risk profile”, “monthly business report”, etc. With a hefty number of domain names, Dangerous Password issues decoy files to organizations in Asia and Europe. The group uses phishing emails to deliver Trojan files that impersonate Google, Microsoft, and other servers. Once the files are executed, macros are launched to launch the attack.
Impact
- Information Theft and Espionage
Indicators of Compromise
MD5
- e14091ec731b04cbcec888da68cfa0dc
- 4cadefa553cf8775c2d879c7c0c44b98
SHA-256
- b3f39054043551bcb78e4531580899b8343fc3c1e2dcfd46932ce576eea9019c
- 57959c2be2ac6349aa37edb73cd8a88fe8d3e69678cac4b38fac401bd3141fdf
SHA-1
- fc7ab82d92c9de210361ce70d5a3c499dd992c51
- 3c3ab091ff27be626e5bde52fffc21128cf2f2ae
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/ attachments sent by unknown senders.