March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – ICS: Schneider Electric EcoStruxure Power Build-Rapsody
February 19, 2021
Rewterz Threat Alert – Trickbot – IOCs
February 19, 2021
Rewterz Threat Advisory – ICS: Schneider Electric EcoStruxure Power Build-Rapsody
February 19, 2021
Rewterz Threat Alert – Trickbot – IOCs
February 19, 2021
Severity
High
Analysis Summary
APT-17 group aka BITTER APT group has been recently active and targeting sectors in South Asia for information theft and espionage. This group has a history of targeting Energy, Engineering, Government in South Asia. Spear phishing emails have been the main strike force to target their victims and they’ve been doing it for years now. Many BITTER victims have been exploited through relatively popular Microsoft Office exploit, CVE-2012-0158, in order to download and execute a RAT binary from a website. Although the attack vector of this sample remains unknown of yet, but this is an indication of their presence again in the South Asian region.
Impact
Information theft and espionage
Indicators of Compromise
Filename
CICP Z9 Letter dated December 2020[.]exe
MD5
3f45d49bdb6afceb670978cf98f5c2be
SHA-256
7b64a739836c6b436c179eac37c446fee5ba5abc6c96206cf8e454744a0cd5f2
SHA1
81f6de303c0e9279744bb1a00e70ea62428bf28e
URL
http[:]//82[.]221[.]136[.]27/RguhsT/accept[.]php
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.