Rewterz Threat Advisory – CVE-2021-4144 – TP-Link TL-WR802N WiFi router
December 24, 2021Rewterz Threat Advisory – Multiple SonicWall SMA 100 Series Devices Vulnerabilities
December 27, 2021Rewterz Threat Advisory – CVE-2021-4144 – TP-Link TL-WR802N WiFi router
December 24, 2021Rewterz Threat Advisory – Multiple SonicWall SMA 100 Series Devices Vulnerabilities
December 27, 2021Severity
High
Analysis Summary
APT-17 group aka BITTER APT group has been recently active and targeting sectors in South Asia for information theft and espionage. This group has a history of targeting Energy, Engineering, Government in South Asia. Spear phishing emails have been the main strike force to target their victims and they’ve been doing it for years now. Many BITTER victims have been exploited through relatively popular Microsoft Office exploit, in order to download and execute a RAT binary from a website. Although the attack vector of this sample remains unknown of yet, but this is an indication of their presence again in the South Asian region
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- Project extension notice[.]doc
MD5
- 09161b193fcc97e56ab87a03f9e44e44
SHA-256
- 6b475078aca28ef7c8b162065b562e61670aceea1602715f53d64d81e7023a2a
SHA-1
- 74072a2a6c09e29ea412a2095e34bc48a812bbc1
URL
- https[:]//epapbuizhost[.]net/images/cry[.]php/?h=%25computername%25-DC
Remediation
- Block all threat indicators all your respective controls.
- Search for IOCs in your environment