Rewterz Threat Alert – Dridex Banking Malware
February 1, 2021Rewterz Threat Advisory – CVE-2020-17523 – Apache Shiro security bypass
February 2, 2021Rewterz Threat Alert – Dridex Banking Malware
February 1, 2021Rewterz Threat Advisory – CVE-2020-17523 – Apache Shiro security bypass
February 2, 2021Severity
High
Analysis Summary
APT-17 group aka BITTER APT group has been recently active and targeting sectors in South Asia for information theft and espionage. This group has a history of targeting Energy, Engineering, Government in South Asia. Spear phishing emails have been the main strike force to target their victims and they’ve been doing it for years now. Many BITTER victims have been exploited through relatively popular Microsoft Office exploit, CVE-2012-0158, in order to download and execute a RAT binary from a website. Although the attack vector of this sample remains unknown of yet, but this is an indication of their presence again in the South Asian region.
Impact
- Information theft
- Espionage
Indicators of Compromise
Filename
- rkftl[.]exe
MD5
- 562122123e57a63766737aab096d8d3c
SHA-256
- c2131a3906d97b5d7d697d16de15a8f704db1e6e4a8d3d7316c784d45716cffc
SHA1
- 794f336035984878830618d9df20e7fd733dc6ba
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.