Rewterz Threat Alert – IcedID banking Trojan – Active IOCs
March 3, 2022Rewterz Threat Advisory – Multiple Apache JSPWiki Vulnerabilities
March 3, 2022Rewterz Threat Alert – IcedID banking Trojan – Active IOCs
March 3, 2022Rewterz Threat Advisory – Multiple Apache JSPWiki Vulnerabilities
March 3, 2022Severity
High
Analysis Summary
APT-17 group aka BITTER APT group has been recently active and targeting sectors in South Asia for information theft and espionage. This group has a history of targeting Energy, Engineering, Government in South Asia. Spear phishing emails have been the main strike force to target their victims and they’ve been doing it for years now. Many BITTER victims have been exploited through relatively popular Microsoft Office exploit, in order to download and execute a RAT binary from a website. Although the attack vector of this sample remains unknown of yet, this is an indication of their presence again in the South Asian region.
Impact
- Information Theft & Espionage
Indicators of Compromise
MD5
- 1f2ba324c566ba1f29e94971bc1034c8
SHA-256
- b73638a6581af3c173fb0d6214fd881ed131e8f7884c1be297c80ecba5989bd4
SHA-1
- 7f7139a9a0d437e8876520913a188321ba1c647c
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.