September 7, 2021
Severity
High
Analysis Summary
Android malware known as Elibomi is attacking taxpayers in several regions of South Asia, especially India. The malware is notable because it steals victims' financial information through phishing, posing as a tax-filing application. It is delivered by SMS phishing: the text message pretends to come from the Income Tax Department in India and addresses the targeted user by name to make the lure more credible and increase the chance of infecting the device. The attackers are also exposing the stolen sensitive information on the internet; the exposed data includes phone numbers, email addresses, and other personally identifiable information.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Do not click on suspicious links received from text messages or social media, particularly from unknown sources.
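As an added example (not part of the Rewterz alert), the following Python sweep implements the "search for IOCs in your environment" step for the three hash families this alert publishes (MD5, SHA-1, SHA-256): it normalises a pasted indicator list, computes all three digests of each candidate APK, and reports matches. The IOC entries and the sample files inside `demo()` are constructed for the run, not the alert's real indicators; in practice, load the alert's hash lists into `normalize_iocs`.

```python
import hashlib
import tempfile
from pathlib import Path

# Digest lengths (hex chars) for the hash types published in the alert.
HEX_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


def normalize_iocs(raw):
    """Lower-case and strip each entry; keep only well-formed hex digests of a known length."""
    out = set()
    for h in raw:
        h = h.strip().lower()
        if len(h) in HEX_LENGTHS and all(c in "0123456789abcdef" for c in h):
            out.add(h)
    return out


def digests(data: bytes):
    """All three digest families, so one IOC list in any format can be matched."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_file(path, iocs):
    """Return [(algo, hexdigest), ...] for every digest of the file found in the IOC set."""
    data = Path(path).read_bytes()
    return [(algo, h) for algo, h in digests(data).items() if h in iocs]


def sweep(directory, iocs, pattern="*.apk"):
    """Recursively hash files matching `pattern` and return {path: matches} for hits only."""
    hits = {}
    for p in Path(directory).rglob(pattern):
        m = match_file(p, iocs)
        if m:
            hits[str(p)] = m
    return hits


def demo():
    """Constructed end-to-end run: one 'suspect' APK and one benign file in a temp directory."""
    sample = b"constructed sample apk bytes - not real malware"
    # Constructed IOC list: mixed case, stray whitespace and one junk entry, as pasted lists often are.
    raw = {hashlib.sha256(sample).hexdigest().upper(), " " + hashlib.md5(sample).hexdigest(), "not-a-hash"}
    with tempfile.TemporaryDirectory() as d:
        Path(d, "suspect.apk").write_bytes(sample)
        Path(d, "benign.apk").write_bytes(b"unrelated content")
        return sweep(d, normalize_iocs(raw))
```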