December 21, 2021
Severity
High
Analysis Summary
PatchWork (also known as Mahabusa, White Elephant, hangOver, VICEROY TIGER, and The Dropping Elephant) is an APT that mainly conducts cyber-espionage against Asian countries, especially China and Pakistan. The threat actors are now targeting army officials in Pakistan in a series of spear-phishing campaigns impersonating a Defence Housing Officers Society. When the recipient enables the document's macros, a backdoor is dropped by exploiting a .NET vulnerability (CVE-2017-87592), a code injection flaw that can lead to remote code execution without user interaction if exploited correctly on a vulnerable machine. This vulnerability is generally used to deploy spyware that steals information from the victim's machine for later use against the victim.

Impact
- Information Theft
- Unauthorized Remote Access
Indicators of Compromise
MD5
- f1f51717eb81e4df0632e20c8e455299
SHA-256
- 3ddbd2f9d4194aaebaffda1417b34aa1c2a5ec948e01b7ef0a1c9e035e78721e
SHA-1
- 8d4ba398c8a6d73e2fb4d9678cbddc7d0bd9e41e
Remediation
- Search for IOCs in your environment.
- Block the threat indicators at their respective controls.
- Do not download files attached in untrusted emails.
- Do not enable macros for untrusted files.
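One way to carry out the first remediation step, as an added defender-side example (not Rewterz's own tooling): the script walks a directory tree, computes each file's MD5, SHA-1 and SHA-256 in one pass, and reports any file whose digest matches an indicator listed above. The root path is assumed to be given on the command line.

```python
"""Scan a directory tree for files matching the advisory's hash indicators."""
import hashlib
import os
import sys
from pathlib import Path

# Indicators of compromise taken from the advisory above (lower-case hex).
IOC_HASHES = {
    "md5": {"f1f51717eb81e4df0632e20c8e455299"},
    "sha1": {"8d4ba398c8a6d73e2fb4d9678cbddc7d0bd9e41e"},
    "sha256": {"3ddbd2f9d4194aaebaffda1417b34aa1c2a5ec948e01b7ef0a1c9e035e78721e"},
}


def hash_chunks(chunks):
    """Feed an iterable of byte chunks into all three digests at once."""
    digests = {name: hashlib.new(name) for name in IOC_HASHES}
    for chunk in chunks:
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so large files do not need to fit in memory."""
    with open(path, "rb") as fh:
        return hash_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_indicators(digests):
    """Return (algorithm, hash) pairs that hit an indicator; case-insensitive."""
    return [(algo, h) for algo, h in digests.items()
            if h.lower() in IOC_HASHES.get(algo, set())]


def scan_tree(root):
    """Map each matching file path to its hits. Unreadable files are skipped."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                hits = match_indicators(hash_file(path))
            except OSError:
                continue  # permission denied, vanished file, etc.
            if hits:
                findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"MATCH {path}: {hits}")
```

A hash match is a strong but narrow signal; a recompiled or repacked dropper will not match, so treat an empty result as "no known sample found", not as a clean bill of health.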