Rewterz Threat Alert – Conti Ransomware Targeting Organizations – Active IOCs
November 24, 2021Rewterz Threat Alert – Dark Crystal RAT – Active IOCs
November 25, 2021Rewterz Threat Alert – Conti Ransomware Targeting Organizations – Active IOCs
November 24, 2021Rewterz Threat Alert – Dark Crystal RAT – Active IOCs
November 25, 2021Severity
Medium
Analysis Summary
Donot APT group has been actively dropping malicious samples and targeting Government users to exfiltrate data. The group has previously been active in the past and has now again shifted its focus to phishing campaigns. The group has a history of attacking Pakistani government officials and military personnel and has been linked to India. They previously targeted Pakistani users with android malware named (StealJob) was used to target Pakistani android mobile users by Phishing on the name of “Kashmiri Voice” The attackers hunt for confidential information and intellectual property. The hackers’ targets include countries in South Asia, in particular, the state sector of Pakistan.
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- වන් හමුදාව – එක්සත් ජාතීන්ෙග් බහුමාන ඒකාබද්ධ ස්ථායීකරණ ෙමෙහයුම[.]doc
MD5
- 67abe8b04f62eb55b6b880668fb8a634
SHA-256
- aa918f72d5d7b99bf3ce6d13f91d42bed2117afc4ac5bb8e8538d37574642675
SHA-1
- b7400fdda86f14df4a49af7698eb4eba0acb2cb8
URL
- http[:]//wordfile[.]live/BXRi3EE06i5IES2k/rns63jefark0bRQf[.]php
- http[:]//wordfile[.]live/BXRi3EE06i5IES2k/rns63jefark0bRQfxxc6qM8l5tmR16vi2pTahsP7MWVZAOl8
- http[:]//wordfile[.]live/BXRi3EE06i5IES2k/rns63jefark0bRQfxxc6qM8l5tmR16vi2pTahsP7MWVZAOl8[.]rtf
- https[:]//svhservice[.]xyz/klmn/kok
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.