Rewterz Threat Alert – BabyElephant APT Targeting Bangladesh Navy – Active IOCs
April 1, 2022
Severity
High
Analysis Summary
The APT-17 group, also known as the BITTER APT group, has recently been active, targeting sectors in South Asia for information theft and espionage. The group has a history of targeting the energy, engineering and government sectors in South Asia. Spear-phishing emails have been its main means of reaching victims, and it has relied on them for years. Many BITTER victims have been compromised through a relatively popular Microsoft Office exploit, used to download and execute a RAT binary from a website. Although the attack vector of this sample is not yet known, it indicates the group's renewed presence in the South Asian region.
Impact
- Information Theft and Espionage
Indicators of Compromise
Domain Name
- coerciondigital[.]com
Filename
- NAHTFF Recommendation Direction & Suggestion[.]chm
MD5
- 9a6c5b76ca623bf353cccb2841e7c256
SHA-256
- 9fca7eeb6a7c3591492ddb7693b9d7b2349acc3240cc46710f91fb79d8a8deb6
SHA-1
- 34904956af2c48bc34c572bb377f480a68cb29df
URL
- http[:]//coerciondigital[.]com/winter/js[.]php?
Remediation
- Search for IOCs in your environment.
- Block all threat indicators at your respective controls.
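As an added example (not part of the Rewterz advisory), the script below refangs the indicators listed above and checks file content, hash strings from alerts, and proxy/DNS/mail log lines against them; the log lines it carries are constructed samples, not real traffic.

```python
"""Hunt for the indicators listed in this advisory in local files and in proxy/DNS/mail logs."""
import hashlib
import re
from typing import List, Optional, Tuple

def refang(indicator: str) -> str:
    """Restore a defanged indicator ([.] / [:] / hxxp) to its matchable form."""
    return indicator.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")

# Indicators copied from the advisory above (the hash values are the page's own).
IOC_HASHES = {
    "md5": "9a6c5b76ca623bf353cccb2841e7c256",
    "sha1": "34904956af2c48bc34c572bb377f480a68cb29df",
    "sha256": "9fca7eeb6a7c3591492ddb7693b9d7b2349acc3240cc46710f91fb79d8a8deb6",
}
IOC_DOMAIN = refang("coerciondigital[.]com")
IOC_FILENAME = refang("NAHTFF Recommendation Direction & Suggestion[.]chm")
# Match the domain (or a subdomain of it) but not a longer name that merely ends the same way.
DOMAIN_RE = re.compile(r"(?<![\w-])" + re.escape(IOC_DOMAIN) + r"(?![\w-])", re.IGNORECASE)

def hash_matches(data: bytes) -> List[str]:
    """Hash file content with each listed algorithm; return the algorithms that match."""
    return [algo for algo, known in IOC_HASHES.items()
            if hashlib.new(algo, data).hexdigest() == known]

def hash_string_matches(digest: str) -> Optional[str]:
    """Match a digest string taken from an EDR/AV alert against the advisory hashes."""
    digest = digest.strip().lower()
    return next((algo for algo, known in IOC_HASHES.items() if digest == known), None)

def scan_log_lines(lines) -> List[Tuple[int, str]]:
    """Return (line_number, indicator) for each log line containing the domain or filename."""
    hits = []
    for n, line in enumerate(lines, 1):
        if DOMAIN_RE.search(line):
            hits.append((n, IOC_DOMAIN))
        elif IOC_FILENAME.lower() in line.lower():
            hits.append((n, IOC_FILENAME))
    return hits

# Constructed sample log lines: a proxy hit, a clean DNS query, and a mail attachment hit.
SAMPLE_LOGS = [
    "2022-04-01T08:12:03Z proxy user=jdoe GET http://coerciondigital.com/winter/js.php? 200",
    "2022-04-01T08:12:09Z dns query=updates.example.com type=A",
    '2022-04-01T08:13:41Z mail attach="NAHTFF Recommendation Direction & Suggestion.chm"',
]
```

Feed `scan_log_lines` your exported proxy, DNS and mail logs, and `hash_matches` the bytes of any suspicious `.chm` attachment.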