Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – CrySIS aka Dharma Ransomware – Active IOCs
January 26, 2023Rewterz Threat Alert – Gafgyt aka Bashlite Malware – Active IOCs
January 26, 2023
Severity
High
Analysis Summary
APT-17, also known as “Bitter APT” or “DeputyDog” is a state-sponsored cyber espionage group that is believed to operate out of China. They have been active since at least 2012 and have primarily targeted organizations in the aerospace, defense, and technology industries. They are known for targeting China, Pakistan, and Saudi Arabia and have expanded to set their sights on Bangladeshi government agencies. The group is known for using a wide range of custom malware and tools to carry out their operations, including Remote Access Trojans (RATs), keyloggers, and backdoors. The group’s malware is known to be complex, and multi-stage and used a range of techniques to evade detection, such as code signing, the use of legitimate tools and third-party tools, and the use of encrypted communications. They are also known to use spear-phishing campaigns to gain initial access to targeted systems. They have been active for more than a decade and are known to use a wide range of custom malware and tools to carry out their operations. Organizations in these sectors should be aware of the threat actors and take appropriate measures to protect against their attacks. This includes implementing robust security measures, such as advanced threat detection and response capabilities, as well as employee training on how to identify and respond to spear-phishing campaigns.
Impact
- Information Theft and Espionage
Indicators of Compromise
Domain Name
- wbfashionshow.com
MD5
- 26704290ab0f4a5bcf6ae31fed371a4a
- 34104f2ee58f629d7222cce339a24db5
SHA-256
- fc4d3452021b634da7ac78052abaa2b0cbebeb00470622c75b621561fd3e3f7d
- 561ace43f77de135d5b3286bd2ef270b185d0abdba15d442551211068f8bbf11
SHA-1
- 1f8110e4b5fecb5952dc1af32015a8427b10c1e2
- c2369bb1cd60242b72beebb810adf6395d4b3b5b
Remediation
- Search for IOCs in your environment.
- Block all threat indicators at your respective controls
- Along with network and system hardening, code hardening should be implemented within the organization so that their websites and software are secure. Use testing tools to detect any vulnerabilities in the deployed codes.
- Patch and upgrade any platforms and software timely and make it into a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using a multi-layered protection is necessary to secure vulnerable assets