Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
May 16, 2022Rewterz Threat Alert – APT36 Crimson RAT – Active IOCs
May 16, 2022Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
May 16, 2022Rewterz Threat Alert – APT36 Crimson RAT – Active IOCs
May 16, 2022Severity
High
Analysis Summary
Gamaredon is a Russia-backed advanced persistent threat (APT) that has been operating since at least 2013. The main goal of this APT is to use the malicious document to gain control of the target machine. The exploit document uses the template injection technique to infect the victim’s computer with further malware. When the document is opened, it connects to the hacker’s server and downloads the payload file. Gamaredon’s tools are simple and designed to collect sensitive information from hacked systems and propagate it further. Its information-gathering efforts are nearly comparable to those of a second-tier APT, whose primary purpose is to collect and disseminate information with their units.
Impact
- Template Injection
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 9e472931556b6f6e3c1e50d719df83f9
- 76bdfe083b9038ab35757ba8cfac9a97
- fd49ac4b68e63ef4c44a08c05157b520
SHA-256
- f2f4dec274f0d7bd26c0d39e1cffc4b38b1e1919dfca6e20f754eddfa5931bbf
- 7a36935f624855f21c03b17b9b6e652f9b400aec79f6d1f221ef7380f2f9c02e
- 215d79d31ec6c4b008cf585dcf90007487b636229284b9ad924f52206c46a8a7
SHA-1
- e9d02abd32d9f05bfe807ca7efe020bf3ae1a9d2
- bd1a3269512ef88ca45873d07664190fa00b4b8b
- 739c38c9aefa2fc8bd1ab8c027f05ecbfdf0af17
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.