January 28, 2022
Severity
High
Analysis Summary
Emissary Panda – AKA APT27, BRONZE UNION, Iron Tiger, LuckyMouse, TG-3390, and Threat Group-3390 – has been active for more than a decade and remains a capable adversary. This Chinese cyberespionage group targets organizations in the government, defense, aerospace, technology, manufacturing, and energy sectors. The group has been involved in cyber espionage campaigns against Turkish organizations and the Middle East.
They deploy malware such as China Chopper, Gh0st, HyperBro, and ZxShell to exploit applications and networks.
APT27 has recently been exploiting Zoho and Microsoft Exchange vulnerabilities to attack German companies. The vulnerabilities exploited are:
- CVE-2021-40539 – Zoho ManageEngine ADSelfService Plus
- CVE-2021-26855 – Microsoft Exchange
- CVE-2021-26857 – Microsoft Exchange
- CVE-2021-26858 – Microsoft Exchange
- CVE-2021-27065 – Microsoft Exchange
Impact
- Information Theft and Espionage
Indicators of Compromise
IP
- 87[.]98[.]190[.]184
- 104[.]168[.]236[.]46
- 103[.]79[.]77[.]200
MD5
- ad72e6cf7bfa37a2bae835c5d5d1e96f
- 832415bba4378181e3c975f247b9d0e8
SHA-256
- 601a02b81e3bd134c2cf681ac03d696b446e10bf267b11b91517db1b233fec74
- 333b52c2cfac56b86ee9d54aef4f0ff4144528917bc1aa1fe1613efc2318339a
SHA-1
- 725e1300954e29a748499f730065e55960130547
- 7d92970e8394b20b887bf2de60408da15e260d9f
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
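The remediation steps above ask you to block the indicators and search for them in your environment. The following is an added example of how that search can be automated; it is not Rewterz code. It copies the IP and hash indicators from this alert, refangs the `[.]` notation, scans a handful of constructed firewall and proxy log lines (labelled as such, not real traffic) for contact with the listed IPs, and checks file digests against the published MD5, SHA-1 and SHA-256 values. The word-boundary regex is there so a near miss such as 103.79.77.2 is not reported as a hit for 103.79.77.200.

```python
# Added example (not Rewterz code): check constructed log lines and file
# digests against the IP and hash indicators published in this alert.
import hashlib
import re
from typing import Dict, Iterable, List, Set, Tuple

# Indicators copied from the alert, in the defanged form it publishes them.
DEFANGED_IPS = [
    "87[.]98[.]190[.]184",
    "104[.]168[.]236[.]46",
    "103[.]79[.]77[.]200",
]
IOC_HASHES: Dict[str, Set[str]] = {
    "md5": {
        "ad72e6cf7bfa37a2bae835c5d5d1e96f",
        "832415bba4378181e3c975f247b9d0e8",
    },
    "sha1": {
        "725e1300954e29a748499f730065e55960130547",
        "7d92970e8394b20b887bf2de60408da15e260d9f",
    },
    "sha256": {
        "601a02b81e3bd134c2cf681ac03d696b446e10bf267b11b91517db1b233fec74",
        "333b52c2cfac56b86ee9d54aef4f0ff4144528917bc1aa1fe1613efc2318339a",
    },
}


def refang(ioc: str) -> str:
    """Undo the '[.]' defanging used in the alert so the value can be matched."""
    return ioc.replace("[.]", ".")


IOC_IPS: Set[str] = {refang(ip) for ip in DEFANGED_IPS}

# Word boundaries keep 103.79.77.2 from being reported as 103.79.77.200.
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def find_ip_hits(log_lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (1-based line number, indicator) for each line that mentions an alert IP."""
    hits: List[Tuple[int, str]] = []
    for line_no, line in enumerate(log_lines, start=1):
        for ip in IP_RE.findall(line):
            if ip in IOC_IPS:
                hits.append((line_no, ip))
    return hits


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute the three digest types the alert publishes for a file's contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(digests: Dict[str, str]) -> Set[str]:
    """Return the algorithms whose digest equals a published indicator (empty set if none)."""
    return {
        algo for algo, value in digests.items()
        if value.lower() in IOC_HASHES.get(algo, set())
    }


# Constructed sample log lines (not real traffic). Lines 1 and 3 reference alert
# IPs; line 4 is a deliberate near miss (103.79.77.2, not 103.79.77.200).
SAMPLE_LOGS = [
    "2022-01-28T10:14:02Z fw deny src=10.0.0.5 dst=87.98.190.184 dport=443",
    "2022-01-28T10:15:11Z fw allow src=10.0.0.8 dst=8.8.8.8 dport=53",
    "2022-01-28T10:16:40Z proxy GET http://104.168.236.46/ client=10.0.0.12",
    "2022-01-28T10:17:03Z fw allow src=10.0.0.9 dst=103.79.77.2 dport=80",
]

if __name__ == "__main__":
    for line_no, ip in find_ip_hits(SAMPLE_LOGS):
        print(f"line {line_no}: contact with alert IP {ip}")
    # A constructed benign blob: its digests match nothing, so nothing is flagged.
    print("hash matches:", match_hashes(digest_bytes(b"constructed benign content")))
```

In practice the `SAMPLE_LOGS` list would be replaced by lines read from your firewall, proxy or DNS logs, and `digest_bytes` would be fed the contents of files pulled from suspect hosts; comparing all three digest types lets you use whichever hash your tooling already records.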