
Rewterz Threat Alert – APT C-35 Active In the Southeast Asian Region

January 11, 2021

Severity

High

Analysis Summary

APT C-35, also known as the Donot Team, has been actively targeting countries in Southeast Asia. The group has a history of attacking Pakistani government officials and military personnel and has been linked to India. It has now shifted its focus towards Southeast Asia, dropping malicious documents whose lure content presents China's Digital Silk Road initiative as a threat to democracy worldwide. The campaign coincides with a low point in India-China diplomatic relations: from application bans to troop confrontations along the Line of Actual Control (LAC), both countries have acted aggressively towards each other in the recent past. The group's motive appears to be information theft combined with discrediting China's Digital Silk Road initiative.

Impact

Information theft and espionage

Indicators of Compromise

Filename: FiscalReview_July_September_2020_ace[.]docx

MD5: c92901f2ef13374f4afd950d840e02c1

SHA-1: 69a8ec206dc0a80bb675277273bb806330d92805

SHA-256: bfaa8d24fea8f904b33da90bc2836785c390c3adaec01ac8082c953dd7b787ed

Remediation

  • Block the listed file hashes and the lure filename at your email gateway, web proxy and endpoint controls.
  • Search email, proxy and endpoint telemetry for the filename and hashes. A hash-only search misses a re-built lure, because the document can be re-weaponised with a different hash while keeping the same name, so match on the filename as well and treat a filename hit as worth investigating even when no hash matches.
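One way to carry out the IOC search above on a host or file share, as an added example that is not part of the original advisory: the script below hashes every regular file under a directory with MD5, SHA-1 and SHA-256 in one pass, refangs the defanged filename ("[.]" back to "."), and reports any file that matches on hash or on name. The IOC values are copied from the advisory; the sample tree written by scan_constructed() holds constructed placeholder content (not the real lure), so the demo hits on filename only.

```python
"""Sweep a directory tree for the file hashes and lure filename published in this advisory."""
import hashlib
import os
import tempfile
from dataclasses import dataclass

# Indicators copied from the advisory. The filename is defanged on the page ("[.]")
# and is refanged before matching.
ADVISORY_IOCS = {
    "filenames": {"FiscalReview_July_September_2020_ace[.]docx"},
    "md5": {"c92901f2ef13374f4afd950d840e02c1"},
    "sha1": {"69a8ec206dc0a80bb675277273bb806330d92805"},
    "sha256": {"bfaa8d24fea8f904b33da90bc2836785c390c3adaec01ac8082c953dd7b787ed"},
}


def refang(name: str) -> str:
    """Undo the '[.]' defanging used in advisories so names compare against real paths."""
    return name.replace("[.]", ".")


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Return lowercase hex MD5/SHA-1/SHA-256 of a file, read in chunks so large files are fine."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}


@dataclass
class Match:
    path: str
    reasons: list  # which indicators matched, e.g. ["filename", "sha256"]


def scan_tree(root: str, iocs: dict = ADVISORY_IOCS) -> list:
    """Walk `root`, hash every regular file and report any that matches the IOC set.

    A filename hit alone is reported: a re-weaponised lure keeps its name far more
    often than it keeps its hash.
    """
    wanted_names = {refang(n).lower() for n in iocs.get("filenames", set())}
    wanted_hashes = {algo: {h.lower() for h in iocs.get(algo, set())}
                     for algo in ("md5", "sha1", "sha256")}
    matches = []
    for dirpath, _, filenames in os.walk(root):
        for fname in filenames:
            path = os.path.join(dirpath, fname)
            if not os.path.isfile(path):  # skip sockets, broken symlinks, etc.
                continue
            reasons = []
            if fname.lower() in wanted_names:
                reasons.append("filename")
            try:
                digests = hash_file(path)
            except OSError:  # unreadable file: still report a name hit, if any
                digests = {}
            reasons += [algo for algo, value in digests.items() if value in wanted_hashes[algo]]
            if reasons:
                matches.append(Match(path, reasons))
    return matches


def scan_constructed(files: dict, iocs: dict = ADVISORY_IOCS) -> list:
    """Write constructed sample files (relative path -> bytes) into a fresh temp dir and scan it."""
    root = tempfile.mkdtemp(prefix="ioc_sweep_")
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return scan_tree(root, iocs)


def demo() -> list:
    """Constructed sample tree: the lure's name with harmless content, plus an unrelated file."""
    return scan_constructed({
        # Same name as the advisory's lure, placeholder bytes: matches on filename only.
        os.path.join("Downloads", refang("FiscalReview_July_September_2020_ace[.]docx")):
            b"constructed placeholder, not the malicious document\n",
        os.path.join("Downloads", "notes.txt"): b"unrelated file\n",
    })


if __name__ == "__main__":
    for m in demo():
        print(f"{m.path}: matched on {', '.join(m.reasons)}")
```

For a real sweep call scan_tree() on the user profile or share root instead of the constructed tree; comparing all three digests means a single pass covers whichever hash type an upstream feed or EDR export happens to carry.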
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.