August 17, 2022
Severity
High
Analysis Summary
menuPass is a threat group that has been active since at least 2006. Individual members of menuPass are known to have acted in association with the Chinese Ministry of State Security's (MSS) Tianjin State Security Bureau and to have worked for the Huaying Haitai Science and Technology Development Company. menuPass has targeted the healthcare, defense, aerospace, finance, maritime, biotechnology, energy, and government sectors globally, with an emphasis on Japanese organizations. In 2016 and 2017, the group is known to have targeted managed IT service providers (MSPs), manufacturing and mining companies, and a university.
Impact
- Data Encryption
Indicators of Compromise
MD5
- 3f79ee9a41ae258d6d9b50d707537de9
SHA-256
- 016e67ede7d55c85b65176300664c57e1d4c3f03721612b255d176fd56408914
SHA-1
- 9900e5e84daccbc63178a6375abd1ee94238e6d0
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.