April 4, 2022
Severity
High
Analysis Summary
DangerousPassword is a Chinese APT group that targets cryptocurrency companies. First identified in 2018, the group uses decoy files on topics such as "job description", "project risk profile" and "monthly business report". Backed by a large pool of domain names, DangerousPassword delivers these decoys to organizations in Asia and Europe. The group sends phishing emails carrying Trojanized files that impersonate Google, Microsoft and other services; once a file is opened, its embedded macros run and launch the attack.
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- Multicoin Capital Opportunities[.]pdf
MD5
- 7a81e115e8d7186250ae57d675a12899
SHA-256
- e9894893a8a1f74d7d6a8768dda9ef5ddaf8aac18634a1110e9a79652c9f13ee
SHA-1
- 8136c3d4b273f4adea5d3005bf6afbae2cba2b29
Remediation
- Search for the IOCs in your environment.
- Block all threat indicators at your respective security controls.
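The following script is an added example (not part of the Rewterz alert) of the first remediation step: it sweeps a directory tree for the indicators listed above, matching both the refanged decoy filename and the MD5/SHA-1/SHA-256 values. The root path passed on the command line is an assumption; any other indicator set can be passed in place of ALERT_IOCS.

```python
import hashlib
import sys
from pathlib import Path

# Indicators copied from the alert above; the filename is kept defanged as published.
ALERT_IOCS = {
    "filename": {"Multicoin Capital Opportunities[.]pdf"},
    "md5": {"7a81e115e8d7186250ae57d675a12899"},
    "sha1": {"8136c3d4b273f4adea5d3005bf6afbae2cba2b29"},
    "sha256": {"e9894893a8a1f74d7d6a8768dda9ef5ddaf8aac18634a1110e9a79652c9f13ee"},
}


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('[.]') back into its literal form for matching."""
    return indicator.replace("[.]", ".")


def hash_file(path: Path) -> dict:
    """Compute MD5, SHA-1 and SHA-256 of one file in a single streaming pass."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}


def scan(root, iocs=ALERT_IOCS) -> list:
    """Walk `root` and return (path, indicator_type, value) for every IOC hit."""
    names = {refang(n).lower() for n in iocs.get("filename", ())}
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.name.lower() in names:
            hits.append((str(path), "filename", path.name))
        try:
            digests = hash_file(path)
        except OSError:
            continue  # unreadable file: skip it rather than abort the whole sweep
        for algo, value in digests.items():
            if value in iocs.get(algo, ()):
                hits.append((str(path), algo, value))
    return hits


if __name__ == "__main__":
    # Assumed usage: python ioc_sweep.py /path/to/scan
    for hit in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("IOC match: %s (%s = %s)" % hit)
```

Filename matches alone are a weak signal (the decoy name can be reused legitimately), so treat a hash match as the confirming indicator and the filename as a triage lead.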