Rewterz Threat Alert – Ryuk Ransomware – Active IOCs
September 26, 2022Rewterz Threat Alert – Snake Keylogger’s Malware – Active IOCs
September 27, 2022Rewterz Threat Alert – Ryuk Ransomware – Active IOCs
September 26, 2022Rewterz Threat Alert – Snake Keylogger’s Malware – Active IOCs
September 27, 2022Severity
High
Analysis Summary
DangerousPassword is a Chinese APT group that targets cryptocurrency companies. Found in 2018, the threat group uses decoy files with topics like “job description”, “project risk profile”, “monthly business report”, etc. With a hefty number of domain names, Dangerous Password issues decoy files to organizations in Asia and Europe. The group uses phishing emails to deliver Trojan files that impersonate Google, Microsoft, and other servers. Once the files are executed, macros are launched to launch the attack.
Impact
- Information Theft and Espionage
Indicators of Compromise
MD5
- 8878ee5d935facff0e04370324118c60
SHA-256
- 3b70c3ebffcfd6a97859f8d9e5a31f6902756e23fd6688ca7c7446d24ec76d9d
SHA-1
- e09eda6f9ee4d2e30e239813e87423472d893396
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/ attachments sent by unknown senders.