Rewterz Threat Alert – Daxin Malware – Active IOCs
March 4, 2022Rewterz Threat Alert – Phishing Emails Targeting Pakistan’s Financial Sector
March 4, 2022Rewterz Threat Alert – Daxin Malware – Active IOCs
March 4, 2022Rewterz Threat Alert – Phishing Emails Targeting Pakistan’s Financial Sector
March 4, 2022Severity
High
Analysis Summary
APT-17 group aka BITTER APT group has been recently active and targeting sectors in South Asia for information theft and espionage. This group has a history of targeting Energy, Engineering, and Government sectors in South Asia. Spear phishing emails have been the main strike force to target their victims and they’ve been doing it for years now. Many BITTER victims have been exploited through relatively popular Microsoft Office exploit, in order to download and execute a RAT binary from a website. Although the attack vector of this sample remains unknown of yet, this is an indication of their presence again in the South Asian region.
BITTER group is now targeting the Nepal military officials to gain information via phishing emails and dropping malicious word documents which enables macros when downloaded and executed. The malicious file suspected of being used as an attachment has the name “Nepal Army Day Invitation.docx .chm.”
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- Nepal Army Day Invitation[.]docx [.]chm
MD5
- a23ed54ce55c04307a5c6df0325bd9a7
SHA-256
- eaa013b863bda3bd76c6f6073cc304002d1a9f317c8fba9c362534aff7dd1b0b
SHA-1
- 0d6ff31bc473216220bc15ce0f3e892f1b930b02
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.