November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – CVE-2020-27254 – ICS: Emerson Rosemount X-STREAM
December 18, 2020Rewterz Threat Alert – Malicious Covid-19 Themed URLs
December 18, 2020Rewterz Threat Advisory – CVE-2020-27254 – ICS: Emerson Rosemount X-STREAM
December 18, 2020Rewterz Threat Alert – Malicious Covid-19 Themed URLs
December 18, 2020
Severity
High
Analysis Summary
APT C-35 aka (Donot Team) has been actively dropping malicious files for template injection. The group has a history of attacking Pakistani government officials and military personnel and has been linked to India. They
previously targeted Pakistani users with android malware named (StealJob) was used to target Pakistani android mobile users by Phishing on the name of “Kashmiri Voice” The attackers hunt for confidential information and intellectual property. The hackers’ targets include countries in South Asia, in particular, state sector of Pakistan.
Impact
Remote code execution
Indicators of Compromise
Filename
- IR-80-FR04[.]docx
MD5
- 59edfb504e890a8cd54a8d5ceba31fff
SHA-256
- 2a811e51b0afdadfd7cfc7e7097657a5116bc1c81fe8042b70b5d63043b1a04b
SHA1
- b03acf0ecf4ada043795af1412eb4b6e24c2a65f
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.