November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – CVE-2020-17519 – Apache Flink directory traversal
January 6, 2021Rewterz Threat Alert – SideWinder APT Group Targeting Pakistan Air Force
January 6, 2021Rewterz Threat Advisory – CVE-2020-17519 – Apache Flink directory traversal
January 6, 2021Rewterz Threat Alert – SideWinder APT Group Targeting Pakistan Air Force
January 6, 2021
Severity
High
Analysis Summary
APT-17 group aka BITTER APT group has been recently active and targeting sectors in South Asia for information theft and espionage. This group has a history of targeting Energy, Engineering, Government in South Asia. Spear phishing emails have been the main strike force to target their victims and they’ve been doing it for years now. Many BITTER victims have been exploited through relatively popular Microsoft Office exploit, CVE-2012-0158, in order to download and execute a RAT binary from a website. Although the attack vector of this sample remains unknown of yet, but this is an indication of their presence again in the South Asian region.
Impact
Information theft and espionage
Indicators of Compromise
MD5
- e1633e3cc57e4665412a15793ef0caa1
SHA-256
- 86acae7e6ae298f43c022ecd2b445d310768f37b56164b66a5a40256d31e5733
SHA1
- 2776c37ecabac5f887882a23e15f58b2c93bcc34
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment