December 1, 2021
Severity
High
Analysis Summary
With activity traced back to 2010, BlackTech is a commercial cyber espionage group whose targets include the finance, government, education and technology sectors. Its main motive is gathering sensitive information and data, including confidential documents, for financial gain. Its common method is spear phishing emails aimed at specific individuals and targeted organizations. The threat actor uses Trojan horses such as Plead, TSCookie, Gh0st, and Bifrose, built for covert computer surveillance. With ties to China, the group has attacked more than 40 countries and continues to expand its operations to others. Countries targeted by these threat actors include Hong Kong, India, Indonesia, Iran, Japan, Jordan, Kazakhstan and Kyrgyzstan.
Impact
- Data exfiltration
- Information theft and espionage
Indicators of Compromise
MD5
- 9061ff3f23735feddcc51d66f1647f9d
- bb6a5e4690768121d9bffcd82dd20d8f
SHA-256
- c75113a4fdd9086f611b20d153e8a882bc11c0256c92468ed39adf0c43972284
- af8301a821cf428dd3d8d52e5f71548b43ba712de2f12a90d49d044ce2a3ba93
SHA-1
- 9763350d2dc9b9ab86c31929ce406f5935a7d4ec
- 87d042bac542d2f23282bda4643b0c56538dfe98
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
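The "Search for IOCs in your environment" step above can be carried out as a file-hash sweep. The following Python script is an added example, not part of the Rewterz alert; it embeds only the MD5, SHA-1 and SHA-256 indicators listed above, hashes each file once for all three algorithms, and reports any file whose digest matches. The directory passed to scan_directory is assumed to be whatever path the analyst wants to sweep.

```python
import hashlib
from pathlib import Path

# Indicators of compromise listed in the alert above (lowercase hex).
IOC_HASHES = {
    "md5": {"9061ff3f23735feddcc51d66f1647f9d",
            "bb6a5e4690768121d9bffcd82dd20d8f"},
    "sha1": {"9763350d2dc9b9ab86c31929ce406f5935a7d4ec",
             "87d042bac542d2f23282bda4643b0c56538dfe98"},
    "sha256": {"c75113a4fdd9086f611b20d153e8a882bc11c0256c92468ed39adf0c43972284",
               "af8301a821cf428dd3d8d52e5f71548b43ba712de2f12a90d49d044ce2a3ba93"},
}

def digest_chunks(chunks):
    """Compute MD5, SHA-1 and SHA-256 in a single pass over an iterable of byte chunks."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def hash_bytes(data):
    """Hash an in-memory blob (for samples already in memory, and for testing)."""
    return digest_chunks([data])

def hash_file(path, chunk_size=1 << 20):
    """Stream the file in 1 MiB chunks so large binaries are not loaded whole."""
    with open(path, "rb") as fh:
        return digest_chunks(iter(lambda: fh.read(chunk_size), b""))

def match_iocs(digests):
    """Return the (algorithm, hash) pairs that equal an indicator from the alert."""
    return [(name, value) for name, value in digests.items()
            if value.lower() in IOC_HASHES[name]]

def scan_directory(root):
    """Walk root recursively; return {path: matches} for every file that hits an IOC."""
    hits = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            matches = match_iocs(hash_file(path))
        except OSError:
            continue  # unreadable or locked file: skip it rather than abort the sweep
        if matches:
            hits[str(path)] = matches
    return hits
```

A match on any one algorithm is enough to flag a file; the other two digests are returned alongside it so the hit can be cross-checked against the alert before the host is isolated.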