Rewterz Threat Alert – APT29 Cozy Bear – Active IOCs
March 24, 2022Rewterz Threat Update – Nestlè Hacked by Anonymous Collective – Russian-Ukrainian Cyber Warfare
March 24, 2022Rewterz Threat Alert – APT29 Cozy Bear – Active IOCs
March 24, 2022Rewterz Threat Update – Nestlè Hacked by Anonymous Collective – Russian-Ukrainian Cyber Warfare
March 24, 2022Severity
High
Analysis Summary
APT-17 group aka BITTER APT group has been recently active and targeting sectors in South Asia for information theft and espionage. This group has a history of targeting Energy, Engineering, Government in South Asia. Spear phishing emails have been the main strike force to target their victims and they’ve been doing it for years now. Many BITTER victims have been exploited through relatively popular Microsoft Office exploit, in order to download and execute a RAT binary from a website. Although the attack vector of this sample remains unknown of yet, this is an indication of their presence again in the South Asian region.
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- stimulies[.]exe
- reeeee[.]xlsx
MD5
- 06a7eccd74a6aa5aa12755cd48829f90
- bf51119c8b0673a9cfee1c384d1e236a
SHA-256
- bc32715459586ea3a99c6e89f704037eff1e35f9adacd645889f5b685252ced9
- ce922a20a73182c18101dae7e5acfc240deb43c1007709c20ea74c1dd35d2b12
SHA-1
- 9160bd1f2819440fa22f6480bc2148c09ca171fa
- 3d540373b74ed12df6b21e1ea21566907fba04a1
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.