October 2, 2022
Severity
High
Analysis Summary
DangerousPassword (also tracked as CryptoMimic and SnatchCrypto) is an APT group that most vendors link to North Korea rather than China; it targets cryptocurrency companies and has been active since at least 2018. The group sends decoy documents with themes such as "job description", "project risk profile" or "monthly business report" to organizations in Asia and Europe, rotating through a large pool of registered domains. The lures arrive by phishing email as trojanized files, with delivery and command-and-control infrastructure posing as Google, Microsoft and other legitimate services. When a recipient opens the document and allows its macros to run, the embedded macro starts the infection chain.
Impact
- Information Theft and Espionage
Indicators of Compromise
MD5
- 7a9c191fe28be75afa4e0bb654b1cf22
- 893bc3ea857672dc972832f38847ab3c
SHA-256
- 51adde173872ba7378019324aca46e17e222d7b093518df6ad9d330324e113b2
- 99eae95f3271fe7cd2b25aca9a2b69ca8f5cc034f3416b554a4af38903f14233
SHA-1
- 321fda6003645fb29dfff5f047242d88b4375191
- 7c8282ff90145bc5259e8bb29e3dfd2247aa94b6
Remediation
- Block the listed indicators at the controls that can act on them (email gateway, web proxy, EDR and firewall).
- Search for the IOCs across your environment, including mailbox attachments and endpoint file systems, not only perimeter logs.
- Block macros in Office documents that carry the Mark of the Web (the current Office default); since this campaign relies on user-enabled macros, keep that policy enforced rather than letting users override it.
- Treat unsolicited "job description" or "business report" attachments with suspicion, even when the sender name looks plausible.
- Never click links or open attachments from unknown senders.
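The hash sweep the remediation list calls for, written as an added example (this is editor-supplied code, not a Rewterz tool). It loads the MD5, SHA-1 and SHA-256 values from this alert, normalizes them (feeds often mix case or paste truncated values, which would silently never match), hashes every regular file under a directory in a single read pass, and reports any file whose digest appears in the set. The directory to scan is an assumption passed on the command line; `demo()` builds a constructed temporary tree and adds one benign file's own SHA-256 to the IOC set so the matching path can be exercised offline.

```python
"""Hash-based IOC sweep for the DangerousPassword indicators in this alert."""
import hashlib
import sys
import tempfile
from pathlib import Path

# Indicators listed in the alert, keyed by algorithm.
IOC_HASHES = {
    "md5": {
        "7a9c191fe28be75afa4e0bb654b1cf22",
        "893bc3ea857672dc972832f38847ab3c",
    },
    "sha1": {
        "321fda6003645fb29dfff5f047242d88b4375191",
        "7c8282ff90145bc5259e8bb29e3dfd2247aa94b6",
    },
    "sha256": {
        "51adde173872ba7378019324aca46e17e222d7b093518df6ad9d330324e113b2",
        "99eae95f3271fe7cd2b25aca9a2b69ca8f5cc034f3416b554a4af38903f14233",
    },
}

HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}


def normalize_iocs(iocs):
    """Lower-case every hash and drop values whose length is wrong for the algorithm."""
    clean = {}
    for algo, values in iocs.items():
        if algo not in HEX_LENGTHS:
            continue
        clean[algo] = {v.strip().lower() for v in values
                       if len(v.strip()) == HEX_LENGTHS[algo]}
    return clean


def hash_stream(chunks):
    """Compute MD5, SHA-1 and SHA-256 in one pass over an iterable of byte chunks."""
    hashers = {algo: hashlib.new(algo) for algo in HEX_LENGTHS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def hash_bytes(data):
    return hash_stream(iter([data]))


def hash_file(path, chunk_size=1 << 20):
    with open(path, "rb") as f:
        return hash_stream(iter(lambda: f.read(chunk_size), b""))


def match_hashes(digests, iocs):
    """Return the algorithms under which a file's digests appear in the IOC set."""
    return [algo for algo, value in digests.items() if value in iocs.get(algo, set())]


def scan_directory(root, iocs=IOC_HASHES):
    """Walk root recursively and return (path, matched_algorithms, digests) for each hit."""
    iocs = normalize_iocs(iocs)
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.is_symlink():
            continue
        try:
            digests = hash_file(path)
        except OSError:  # locked, unreadable or vanished files are skipped, not fatal
            continue
        matched = match_hashes(digests, iocs)
        if matched:
            hits.append((str(path), matched, digests))
    return hits


def demo():
    """Constructed sample tree: one file's own SHA-256 is added to the IOC set
    (upper-cased on purpose) so the match path runs offline. Not a real sample."""
    with tempfile.TemporaryDirectory() as tmp:
        benign = Path(tmp) / "report.txt"
        benign.write_bytes(b"monthly business report\n")
        sample = Path(tmp) / "sub" / "sample.bin"
        sample.parent.mkdir()
        sample.write_bytes(b"constructed test payload, not malware\n")
        iocs = {algo: set(values) for algo, values in IOC_HASHES.items()}
        iocs["sha256"].add(hash_file(sample)["sha256"].upper())
        return scan_directory(tmp, iocs)


if __name__ == "__main__":
    hits = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, algos, digests in hits:
        print(f"MATCH {path} via {','.join(algos)} sha256={digests['sha256']}")
    print(f"{len(hits)} matching file(s)")
```

Run it as `python sweep.py /path/to/scan` (the script name is an assumption) or with no arguments to exercise the constructed demo. Hash matching only catches byte-identical files; a recompiled or repacked lure will not hit, so treat a clean sweep as "these exact files are absent", not as proof the campaign is.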