August 21, 2022
Severity
High
Analysis Summary
Emissary Panda – AKA APT27, BRONZE UNION, Iron Tiger, LuckyMouse, TG-3390, and Threat Group-3390 – has been active for more than a decade and remains a capable adversary. This Chinese cyberespionage group targets organizations in the government, defense, aerospace, technology, manufacturing, and energy sectors. The group has been involved in cyber espionage campaigns against Turkish organizations and the Middle East.
They deploy malware such as China Chopper, Gh0st, HyperBro, and ZxShell to compromise applications and networks.
APT27 has recently been exploiting Zoho and Microsoft Exchange vulnerabilities to attack German companies. The exploited vulnerabilities are:
- CVE-2021-40539 – Zoho ManageEngine ADSelfService Plus
- CVE-2021-26855 – Microsoft Exchange
- CVE-2021-26857 – Microsoft Exchange
- CVE-2021-26858 – Microsoft Exchange
- CVE-2021-27065 – Microsoft Exchange
Impact
- Information Theft and Espionage
Indicators of Compromise
MD5
- 8502272487ce38a6cf728547196af57c
SHA-256
- 56b55e3587dc8e40e36c2eadba62dd2b39890dc0df313620f3b42ab0f0b92a3d
SHA-1
- 7400dcf0eb91fed6dbecf65b5830be3a258180ba
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious of emails sent by unknown senders.
- Never click on links or attachments sent by unknown senders.
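To support the "search for IOCs in your environment" step, here is an added example (not Rewterz's own tooling) that hashes every file under a directory and reports any whose MD5, SHA-1 or SHA-256 matches the indicators listed above. It assumes read access to the tree being scanned and standard-library Python only.

```python
"""Scan a directory tree for files matching the Emissary Panda hash IOCs above."""
import hashlib
import os
import sys
from typing import Dict, List, Tuple

# Hash indicators copied from the alert, keyed by hashlib algorithm name.
IOCS: Dict[str, set] = {
    "md5": {"8502272487ce38a6cf728547196af57c"},
    "sha1": {"7400dcf0eb91fed6dbecf65b5830be3a258180ba"},
    "sha256": {"56b55e3587dc8e40e36c2eadba62dd2b39890dc0df313620f3b42ab0f0b92a3d"},
}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute MD5, SHA-1 and SHA-256 of one file in a single streaming pass."""
    hashers = {name: hashlib.new(name) for name in IOCS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: Dict[str, str]) -> List[str]:
    """Return the algorithm names whose digest appears in the IOC set."""
    return [alg for alg, d in digests.items() if d.lower() in IOCS.get(alg, set())]


def scan_tree(root: str) -> List[Tuple[str, List[str]]]:
    """Walk `root` and collect (path, matched_algorithms) for every IOC hit."""
    hits: List[Tuple[str, List[str]]] = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable, locked or vanished file: skip it
            matched = match_iocs(digests)
            if matched:
                hits.append((path, matched))
    return hits


if __name__ == "__main__":
    # Usage: python ioc_scan.py /path/to/scan   (defaults to the current directory)
    for hit_path, algs in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"IOC match ({', '.join(algs)}): {hit_path}")
```

Matching on all three digests at once avoids missing a sample when a report lists only one hash type.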