Rewterz Threat Alert – Donot APT Group – Active IOCs
December 14, 2021
Severity
High
Analysis Summary
A series of attacks organized by an unknown APT has been observed starting in early 2020. The targets were high-value organizations such as national institutions, the military industry, and scientific research bodies in Pakistan, Bangladesh and other countries. The APT used spear-phishing emails and social engineering to gain an initial foothold, spread malicious programs to the target device, covertly control that device, and continue to steal sensitive files.
Impact
- Information theft and espionage
Indicators of Compromise
Filename
- Project Review – Muhammad Yahya Nawaz (as1@paksecretariat[.]com) – 2021-11-05 0928[.]eml
- Officers details[.]docx
MD5
- a2f7b26ae02cf6025b4d7ba75408ee79
- 9353dd2652a12f4c8b5333d11552d13d
- e0231be9e17dec8d66ad50b96172153f
SHA-256
- ade670f35256e0703e0ec55807ac6a07dab7319e7b1eeebcce89dabb17b22e73
- ca5008f06737472b4c05c12382f9ca5a81dd3a4c6757a423c07cda6da01c5256
- 6690a6c8903d56821d1462fd19f631f53b5b7cc2d62bb61d1b644f7f06c6055a
SHA-1
- a4c7dd0282a6a6c3242962d88e52488e3a486e29
- d699174088cc8657167431ae034aec39d7748844
- 11d02f05a7d4ef32f737319bb27a2854839ea650
Remediation
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
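To act on the last two remediation steps, the following is an added example (not Rewterz tooling and not part of the original alert) that hunts for the file IOCs listed above on a host. The hash and filename values are copied from the alert; the directory walk, streaming hash computation and defang handling are this example's own and assume a filesystem the running user can read.

```python
"""Hunt a directory tree for the Donot APT file IOCs published in this alert.

Added example, not Rewterz tooling. Hash and filename indicators are copied
from the alert; the scan logic is this example's own.
"""
import hashlib
import os
import sys
from typing import Dict, List, Tuple

# Hash IOCs from the alert, keyed by hashlib algorithm name (lowercase hex).
IOC_HASHES: Dict[str, set] = {
    "md5": {
        "a2f7b26ae02cf6025b4d7ba75408ee79",
        "9353dd2652a12f4c8b5333d11552d13d",
        "e0231be9e17dec8d66ad50b96172153f",
    },
    "sha1": {
        "a4c7dd0282a6a6c3242962d88e52488e3a486e29",
        "d699174088cc8657167431ae034aec39d7748844",
        "11d02f05a7d4ef32f737319bb27a2854839ea650",
    },
    "sha256": {
        "ade670f35256e0703e0ec55807ac6a07dab7319e7b1eeebcce89dabb17b22e73",
        "ca5008f06737472b4c05c12382f9ca5a81dd3a4c6757a423c07cda6da01c5256",
        "6690a6c8903d56821d1462fd19f631f53b5b7cc2d62bb61d1b644f7f06c6055a",
    },
}

# Filename IOCs exactly as published (defanged with "[.]" so they do not render as links).
IOC_FILENAMES_DEFANGED = [
    "Project Review – Muhammad Yahya Nawaz (as1@paksecretariat[.]com) – 2021-11-05 0928[.]eml",
    "Officers details[.]docx",
]


def refang(value: str) -> str:
    """Turn a defanged indicator back into its literal form so it can be matched."""
    return value.replace("[.]", ".")


# Lowercased so that matching is case-insensitive (Windows filesystems are).
IOC_FILENAMES = {refang(name).lower() for name in IOC_FILENAMES_DEFANGED}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests of an in-memory buffer for every algorithm in IOC_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all three hashers at once so large files are read only once."""
    hashers = {algo: hashlib.new(algo) for algo in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_hashes(digests: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (algorithm, digest) pairs from digests that appear in the IOC list."""
    return [
        (algo, d.lower())
        for algo, d in digests.items()
        if d.lower() in IOC_HASHES.get(algo, set())
    ]


def match_filename(path: str) -> bool:
    """Case-insensitive basename match against the refanged filename IOCs."""
    return os.path.basename(path).lower() in IOC_FILENAMES


def scan_tree(root: str) -> List[Tuple[str, str, str]]:
    """Walk root and return (path, indicator_type, value) for every IOC hit.

    Files that cannot be opened are skipped so one permission error does not abort the hunt.
    """
    hits: List[Tuple[str, str, str]] = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if match_filename(path):
                hits.append((path, "filename", name))
            try:
                digests = hash_file(path)
            except OSError:
                continue
            for algo, digest in match_hashes(digests):
                hits.append((path, algo, digest))
    return hits


if __name__ == "__main__":
    # Usage: python hunt_donot_iocs.py <directory>   (defaults to the current directory)
    for hit_path, kind, value in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"IOC HIT\t{kind}\t{value}\t{hit_path}")
```

A hit on any hash is a strong signal and should trigger isolation of the host and retrieval of the file for analysis; a filename-only hit is weaker (the names are generic enough to collide with legitimate documents) and warrants hashing and a look at the mail source before escalating.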