Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 19, 2023
Severity High Analysis Summary A new information-stealing malware called Mystic Stealer emerged in April 2023, gaining popularity in cybercrime circles. It targets various web browsers, browser […]September 19, 2023Rewterz Threat Alert – BlackCat/ALPHV Ransomware Group Allegedly Encrypted Over 100 MGM ESXi Servers
Severity High Analysis Summary An affiliate of the BlackCat ransomware group, also known as APLHV, recently carried out a significant cyberattack on MGM Resorts, leading to […]September 19, 2023Severity High Analysis Summary APT37, also known as ScarCruft or Red Eyes, is a state-sponsored cyber espionage group originating from North Korea. The group has been […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 19, 2023Severity High Analysis Summary A new information-stealing malware called Mystic Stealer emerged in April 2023, gaining popularity in cybercrime circles. It targets various web browsers, browser […]September 19, 2023Rewterz Threat Alert – BlackCat/ALPHV Ransomware Group Allegedly Encrypted Over 100 MGM ESXi Servers
Severity High Analysis Summary An affiliate of the BlackCat ransomware group, also known as APLHV, recently carried out a significant cyberattack on MGM Resorts, leading to […]September 19, 2023Severity High Analysis Summary APT37, also known as ScarCruft or Red Eyes, is a state-sponsored cyber espionage group originating from North Korea. The group has been […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – APT-C-23 Distributes Information Stealer PyMICROPSIA
December 15, 2020Rewterz Threat Advisory – CVE-2020-12516 – ICS: WAGO Series 750-88x and 750-352
December 16, 2020
Severity
High
Analysis Summary
BITTER APT is a threat actor organization suspected of having a South Asian background. This organization has long been conducting attacks against China, Pakistan and other countries, mainly targeting government, military industry, electric power, nuclear energy and other units to conduct targeted attacks to steal sensitive information. It is also tracked as APT-C-08. Recently, targeted attacks on domestic, government organizations and enterprises have been detected, originated by this APT group. The captured samples are SFX files disguised as decoys related to the shipbuilding industry. After running, the decoy PDF will be displayed to the victim, in order to trick them, at the same time malware will be executed in the background to carry out secret theft activities. In this round of attacks, the attack methods of this APT group have not changed much, and they still use the C2 server for communication, that was previously attributed to them. At the same time, the plug-in modules distributed by the C2 server are basically the same as in previous attacks.
Impact
- Credential Theft
- Unauthorized Code Execution
- Remote Control
- Data Manipulation
- Information Theft
Indicators of Compromise
Domain Name
- pichostfrm[.]net
MD5
- f6b250aff0e2f5b592a6753c4fdb4475
- f4daf0eccf9972bdefb79fbf9f7fb6ee
- a39aa2ecbbb50c97727503e23ce7b8c6
- 99dd93a189fd734fb00246a7a37014d3
- 806626d6e7a283efffb53b3831d53346
- 660a678cd7202475cf0d2c48b4b52bab
- 25a16b0fca9acd71450e02a341064c8d
- 1475df569f8a31e49a659c6d9764ae93
SHA-256
- 08fdd8642b657afe39b6023efb85ed3c9c7c349c75e68d2424417fe40e36d22e
- 78b16177d8c5b2e06622688a9196ce7452ca1b25a350daae8c4f12c2e415065c
- c42865e79497dbba80cfd806e0d3dc58769212fca2f9e82620029503b6ef7d8a
- b2d7336f382a22d5fb6899fc2bd87c7cd401451ecd6af8ccb9ea7dbbe62fc1b7
- 76494e3c71c44b3586f65e678c0d42b06c94396596159dacb9c3b65bd8edab66
- d957239ba4d314e47de9748e77a229f4f969f55b3fcf54a096e7971c7f1bab7d
- 26b3c9a5077232c1bbb5c5b4fc5513e3e0b54a735c32ae90a6d6c1e1d7e4cc0f
- 6cb0c0a2f89d1e82653d2b0dd1389007543616d11f0709ff194a4db2d36865f7
SHA1
- c663870d693af2ca04f8c8c5861c4b92b8cdd932
- c65a902b61e6158fa453b3bbdd81c57739383d63
- ccb1f082d2539ee9e2ba5f7a69d0d2fb26644f91
- 829785ea04587bb60003819c8919fed842216a83
- 820f205b40462d50bf1889410eb8b712256eab15
- a0c4ee924cd2a57e1b62b722c3b89a05ffc74663
- 826334eb7990950f7e154d2494cc12437723aad2
- 40f9a260eafd137b068a536053fe9db97114f348
Source IP
- 82[.]221[.]136[.]27
- 72[.]11[.]134[.]216
- 162[.]0[.]229[.]203
Remediation
- Block the threat indicators at their respective controls.
- Do not open links from untrusted emails or from unknown origin shared on social media.
- Do not click and execute email attachments from unknown sources.
- Maintain timely backup of important files.
- Upgrade products to patched versions against all known vulnerabilities.