Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
March 11, 2022Rewterz Threat Alert – Trickbot Malware – Active IOCs
March 11, 2022Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
March 11, 2022Rewterz Threat Alert – Trickbot Malware – Active IOCs
March 11, 2022Severity
High
Analysis Summary
APT-17 group aka BITTER APT group has been recently active and targeting sectors in South Asia for information theft and espionage. This group has a history of targeting Energy, Engineering, Government in South Asia. Spear phishing emails have been the main strike force to target their victims and they’ve been doing it for years now. Many BITTER victims have been exploited through relatively popular Microsoft Office exploit, in order to download and execute a RAT binary from a website. Although the attack vector of this sample remains unknown of yet, this is an indication of their presence again in the South Asian region.
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- Chart[.]xlsx
MD5
- 2a340b72e16fb1ece13d7f553ec3c266
SHA-256
- e4545764e0c54ed1e1321a038fa2c1921b5b70a591c95b24127f1b9de7212af8
SHA-1
- 7a94a3dcd68792877a4ca8747e23ec084b12da16
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.