Rewterz Threat Alert – BazarLoader Malware – Active IOCs
March 21, 2022Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
March 21, 2022Rewterz Threat Alert – BazarLoader Malware – Active IOCs
March 21, 2022Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
March 21, 2022Severity
High
Analysis Summary
The APT group known as StrongPity is back with a new campaign targeting users in different regions. The group has previously targeted financial, industrial, and educational sectors for data exfiltration and to look out for any file or document from a victim’s machine. The group is also known as Promethium and StrongPity, the earliest attack activity of the APT organization can be traced back to 2012. The organization is mainly targeting Italy, Turkey, Belgium, Syria, Europe, and other regions and countries to conduct attacks.
Impact
- Information Theft and Espionage
- Data Exfiltration
Indicators of Compromise
Domain Name
- sessionprotocol[.]com
Filename
- simserv[.]exe
- svvsrv[.]exe
MD5
- ae72b18b38e4421a37a93c0820ddd83b
- 31c05fe3c509d9594b6f8bc2bb5f2fd1
- 20019653c96f9556133a9bc4d811e6ae
SHA-256
- d8e09efe37e802b6541b97b22ca49d467fb02d2f7b7319fda0eed4fdc2e21e2b
- b12b80d59d2a85bcc10a81e78913cfdf0220e214b6a2b108611b5ffe4fa49ba7
- ef156165bdefe2a90c83e787218a670665e16ff23a097b78c654573df629a9b6
SHA-1
- c867f045cedec1c559f9d0f4a4f7b1a9e92b5565
- 26bae34ae844c2e1e7ebfd42727a1e557b43204b
- e8ac6a5ad6d594dabafc28c46cc6797853b47fe1
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.