

Severity
High
Analysis Summary
Patchwork (also tracked as Dropping Elephant, Mahabusa, White Elephant, Hangover and VICEROY TIGER) is an Indian cyber-espionage APT that has been active since at least December 2015 and frequently uses spear phishing against Pakistani targets. The group's aim is to steal sensitive information. In early July 2020, the Microstep Intelligence Bureau observed a targeted Patchwork attack that used the COVID-19 pandemic as its lure.
In its most recent campaign, which ran from late November to early December 2021, Patchwork used malicious RTF files to drop a variant of the BADNEWS (Ragnatela) Remote Administration Trojan (RAT).
The group uses virtual machines and VPNs to develop its tooling, deliver it, and monitor its victims. Patchwork is less sophisticated than its Russian and North Korean counterparts, and than some other East Asian APTs. Its most recent phishing campaign targeted the Government of Pakistan.
Impact
- Information Theft
- Unauthorized Remote Access
Indicators of Compromise
MD5
- 47d9189cc83bbed4a6e2b2a2e9cb8db6
SHA-256
- 1dd1c52e5eb1b1e5c4abc7c327b63687528118e612e9a42f01b97955676f4ff0
SHA-1
- 6754f664e53de82474dcfe3a0deeb022c8f802c1
Remediation
- Block the listed hashes at your email, web and endpoint security controls.
- Hunt for the IOCs across your environment (endpoint telemetry, mail gateway logs, on-disk file scans).
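The following script is an added example of the second remediation step and is not part of the Rewterz advisory. It walks a directory tree, computes the MD5, SHA-1 and SHA-256 of every regular file in a single pass, and reports any file whose digest appears in the IOC set above. The IOC set is taken from this advisory; the sample file written by `demo()` is constructed here for illustration and is benign. Unreadable files are skipped so one permission error does not abort the sweep, and feed entries are normalised so casing and stray whitespace do not cause misses.

```python
import hashlib
import io
import os
import tempfile
from typing import Dict, Iterable, List, Tuple

# Hashes published in the advisory above (MD5, SHA-1, SHA-256), lower-cased.
PATCHWORK_IOCS = {
    "47d9189cc83bbed4a6e2b2a2e9cb8db6",
    "6754f664e53de82474dcfe3a0deeb022c8f802c1",
    "1dd1c52e5eb1b1e5c4abc7c327b63687528118e612e9a42f01b97955676f4ff0",
}

CHUNK = 1 << 20  # read 1 MiB at a time so large files are not loaded whole


def hash_stream(fh) -> Dict[str, str]:
    """Compute md5/sha1/sha256 of a binary stream in one pass over the data."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    for block in iter(lambda: fh.read(CHUNK), b""):
        md5.update(block)
        sha1.update(block)
        sha256.update(block)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def bytes_hashes(data: bytes) -> Dict[str, str]:
    return hash_stream(io.BytesIO(data))


def file_hashes(path: str) -> Dict[str, str]:
    with open(path, "rb") as fh:
        return hash_stream(fh)


def normalize_iocs(iocs: Iterable[str]) -> set:
    """Lower-case and strip feed entries so formatting differences do not cause misses."""
    return {h.strip().lower() for h in iocs if h and h.strip()}


def scan_directory(root: str, iocs: Iterable[str], follow_symlinks: bool = False) -> List[Tuple[str, str, str]]:
    """Return (path, algorithm, digest) for every file under root whose digest is in iocs."""
    wanted = normalize_iocs(iocs)
    hits: List[Tuple[str, str, str]] = []
    for dirpath, _dirs, files in os.walk(root, followlinks=follow_symlinks):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) and not follow_symlinks:
                continue  # avoid hashing through symlinks into other trees
            try:
                digests = file_hashes(path)
            except OSError:
                continue  # locked, vanished or unreadable file: skip, keep sweeping
            for algo, digest in digests.items():
                if digest in wanted:
                    hits.append((path, algo, digest))
    return hits


def demo() -> dict:
    """Write one constructed benign file to a scratch directory and scan it twice:
    once against the advisory IOCs (no hit expected) and once against a simulated
    feed entry that matches the file despite odd casing and whitespace."""
    root = tempfile.mkdtemp(prefix="ioc-scan-")
    sample = os.path.join(root, "benign.txt")
    with open(sample, "wb") as fh:
        fh.write(b"hello")  # constructed sample content, not a real artefact
    page_hits = scan_directory(root, PATCHWORK_IOCS)
    simulated_hits = scan_directory(root, [" 5D41402ABC4B2A76B9719D911017C592 "])
    return {"sample": sample, "page_hits": page_hits, "simulated_hits": simulated_hits}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algo, digest in scan_directory(target, PATCHWORK_IOCS):
        print(f"MATCH {algo} {digest} {path}")
```

Run it as `python ioc_scan.py /path/to/check`. A hash match is strong evidence of the exact sample described here, but a miss proves nothing: the RTF lures and RAT builds change between campaigns, so hash hunting should complement, not replace, behavioural detection and the blocking recommended above.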