January 4, 2022
Severity
High
Analysis Summary
The APT-17 group, aka the BITTER APT group, has recently been active, targeting sectors in South Asia for information theft and espionage. The group has a history of targeting energy, engineering and government organisations in South Asia. Spear-phishing emails have been its main means of reaching victims, and it has used them for years. The malicious file suspected of being used as an attachment is named PAC Advisory Committee Report.doc. Many BITTER victims have been compromised through a relatively popular Microsoft Office exploit, used to download and execute a RAT binary from a website. Although the attack vector of this sample is still unknown, it indicates the group's renewed presence in the South Asian region.
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- PAC Advisory Committee Report[.]doc
MD5
- bf1a905e11f4d44de8bd2e0a6f383ed5
- 2a8ebefc90feb991e3a1f31b0a61f265
SHA-256
- 9a8b201eb2bebe309d15c7b0ab5a6dcde460b84b035bb3575d4a0ec6af51a37e
- b026a255b2e17fb0c608f1265837e425ea89cc7f661975c6a0d9051e917f4611
SHA-1
- a07b22ac47f0e304ae2bbc070de371dd78e9daa2
- 4ae695a164da1a8c62fa261d8629ebe23d553bfc
URL
- https[:]//sbss[.]com[.]pk/gts/bd[.]msi
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
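As an added example (not part of the Rewterz alert), a small Python hunt script that refangs the indicators listed above and searches for them in constructed sample proxy, mail and DNS log lines, and checks file or EDR-inventory hashes against the alert's hash list:

```python
import hashlib
import re

# Indicators copied verbatim (still defanged) from the alert above.
IOC_HASHES = {
    "bf1a905e11f4d44de8bd2e0a6f383ed5", "2a8ebefc90feb991e3a1f31b0a61f265",
    "9a8b201eb2bebe309d15c7b0ab5a6dcde460b84b035bb3575d4a0ec6af51a37e",
    "b026a255b2e17fb0c608f1265837e425ea89cc7f661975c6a0d9051e917f4611",
    "a07b22ac47f0e304ae2bbc070de371dd78e9daa2", "4ae695a164da1a8c62fa261d8629ebe23d553bfc",
}
IOC_URLS = ["https[:]//sbss[.]com[.]pk/gts/bd[.]msi"]
IOC_FILENAMES = ["PAC Advisory Committee Report[.]doc"]


def refang(indicator):
    """Undo the defanging used in the alert ('[.]', '[:]', 'hxxp') so the value can be matched."""
    return indicator.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")

def hunt_indicators():
    """Ordered list of live strings to search for: full URLs, then their hosts, then attachment names."""
    urls = [refang(u) for u in IOC_URLS]
    hosts = [re.sub(r"^https?://", "", u).split("/")[0] for u in urls]
    return urls + hosts + [refang(n) for n in IOC_FILENAMES]

def hunt_logs(lines):
    """Return (line_number, indicator) for each log line containing an indicator (case-insensitive)."""
    hits = []
    for no, line in enumerate(lines, 1):
        for ind in hunt_indicators():
            if ind.lower() in line.lower():
                hits.append((no, ind))
                break  # one hit per line is enough for triage
    return hits

def file_digests(data):
    """MD5, SHA-1 and SHA-256 of a file's bytes as lower-case hex, the three hash types the alert lists."""
    return {hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}

def hash_hits(digests):
    """Intersect digests (from a file or an EDR hash inventory) with the alert's hashes."""
    return {d.lower() for d in digests} & IOC_HASHES


# Constructed sample log lines for demonstration; they are not from the alert.
SAMPLE_LOGS = [
    '2022-01-04T09:10:02 mail from=sender@example.net attachment="PAC Advisory Committee Report.doc"',
    "2022-01-04T09:12:33 proxy src=10.0.0.15 GET https://sbss.com.pk/gts/bd.msi 200",
    "2022-01-04T09:13:01 proxy src=10.0.0.16 GET https://example.com/index.html 200",
    "2022-01-04T09:14:40 dns src=10.0.0.15 query=sbss.com.pk type=A",
]

if __name__ == "__main__":
    for no, ind in hunt_logs(SAMPLE_LOGS):
        print(f"line {no}: matched {ind}")
```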