Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 22, 2023Severity Medium Analysis Summary Mekotio is a banking trojan that targets users in Latin America and Europe. It is primarily distributed via phishing emails and infected […]March 22, 2023Analysis Summary Overview – 23rd Mar – A Big Day – As we approach the 23rd of March, Pakistan Day, organizations and individuals should be aware […]March 22, 2023Severity High Analysis Summary CVE-2023-28684 CVSS:7.1 Jenkins remote-jobs-view-plugin Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by improper handling of XML external […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 22, 2023Severity Medium Analysis Summary Mekotio is a banking trojan that targets users in Latin America and Europe. It is primarily distributed via phishing emails and infected […]March 22, 2023Analysis Summary Overview – 23rd Mar – A Big Day – As we approach the 23rd of March, Pakistan Day, organizations and individuals should be aware […]March 22, 2023Severity High Analysis Summary CVE-2023-28684 CVSS:7.1 Jenkins remote-jobs-view-plugin Plugin could allow a remote authenticated attacker to obtain sensitive information, caused by improper handling of XML external […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – Multiple IBM Products Vulnerabilities
March 3, 2023Rewterz Threat Alert – Cloud Atlas APT Threat Actors aka Inception – Active IOCs
March 3, 2023
Severity
High
Analysis Summary
APT-C-35 (also known as “Donot APT Group”) is a cyber espionage group that has been active since at least 2013. The group is known for conducting cyber espionage and intellectual property theft, targeting government and military organizations, as well as companies in the aerospace, defense, and high-tech industries. Their activities have been observed in several countries, including the United States, Europe, and Asia.
They previously targeted Pakistani users with android malware named (StealJob) which was used to target Pakistani android mobile users by Phishing under the name of “Kashmiri Voice” The attackers hunt for confidential information and intellectual property. The hackers’ targets include countries in South Asia, in particular, the state sector of Pakistan. Also, in July 2022, the threat actor of this APT group used Comodo’s certificate to sign its spyware.
The group is known for using a variety of tactics, techniques, and procedures (TTPs) in their attacks, which include the use of spear-phishing emails, malware, and custom-developed tools. Donot APT group is known to be a well-funded and well-resourced group, with a high level of technical skill. They are also known to use techniques to evade detection, such as using encryption and fileless malware.
It is important for organizations to be aware of the threat posed by Donot APT group and to take steps to protect themselves from their attacks. This includes implementing security best practices, such as regular software updates and patching, and providing employee training on how to spot and avoid phishing emails. Additionally, organizations should also consider implementing security tools such as intrusion detection and prevention systems (IDPS), endpoint protection platforms (EPP), and advanced threat intelligence (ATI) to detect and respond to Donot APT group’s activities.
Impact
- Information Theft and Espionage
Indicators of Compromise
MD5
- 6de75b200652eefa4a6a3bb84da7f798
- d1777f7a0b0cf5c5355d3f482c18392c
- 3c6ad03f0ab284350d8b0d3d4cf22196
SHA-256
- 9f7324518de5725a6b162954d355291fc3775c17c8d96d8f570b7ebdffabf5d3
- b7cbcfaf000c8c902ad4de03cae50f5e484a76cee1dc87d07b6d3744db0ece9b
- 56a6187623c1b2628fabf167deb08df7f574104b7e5195762505450ced4bae48
SHA-1
- 806fe2724e20509096876eaf226ec77c0029a9e2
- 279f84239bff244db7d141b3ea6031fbecf3bb32
- 6edaefb00d499b87e2841834a1fbe616629a01df
URL
- http://monitoriing.buzz/
- https://goldliney.buzz/Lomiapekaso/texadikkomanapel
- http://monitoriing.buzz/3fHYKahOXhkVV3Uj/dqyWpAfXBcyQkTkzoamk25hn3cbTbeuhImfJO08uTOFCkhIa.ico
Remediation
- Block all threat indicators at your respective controls.
- Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
- Do not download documents attached in emails from unknown sources and strictly refrain from enabling macros when the source isn’t reliable.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using multi-layered protection is necessary to secure vulnerable assets
- Along with network and system hardening, code hardening should be implemented within the organization so that their websites and software are secure. Use testing tools to detect any vulnerabilities in the deployed codes.