Rewterz Threat Alert – Nanocore Rat – Active IOCs
June 8, 2021
Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs
June 8, 2021
Severity
High
Analysis Summary
The APT group known as StrongPity is back with a new campaign targeting users in different regions. The group has previously targeted the financial, industrial, and educational sectors to exfiltrate data and to look for any file or document on a victim’s machine. The group is also known as Promethium, and its earliest attack activity can be traced back to 2012. It mainly targets Italy, Turkey, Belgium, Syria, Europe, and other regions and countries.
Impact
- Data exfiltration
- Exposure of sensitive data
- Information theft and espionage
Indicators of Compromise
Domain Name
- resolutionplatform[.]com
Filename
- app_setup[.]exe
MD5
- cc7105b1e9a798eacc0adbcd04cd8aff
SHA-256
- 12818a96211b7c47863b109be63e951075cf6a41652464a584dd2f26010f7535
SHA1
- 137dba7f959a34ff5699d94a0260860756c520e1
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.