Rewterz Threat Alert – AsyncRAT – Active IOCs
December 13, 2022Rewterz Threat Alert – Earth Preta aka Mustang Panda – Active IOCs
December 13, 2022Rewterz Threat Alert – AsyncRAT – Active IOCs
December 13, 2022Rewterz Threat Alert – Earth Preta aka Mustang Panda – Active IOCs
December 13, 2022Severity
Medium
Analysis Summary
DangerousPassword is a Chinese APT group that targets cryptocurrency companies. Found in 2018, the threat group uses decoy files with topics like “job description”, “project risk profile”, “monthly business report”, etc. With a hefty number of domain names, Dangerous Password issues decoy files to organizations in Asia and Europe. The group uses phishing emails to deliver Trojan files that impersonate Google, Microsoft, and other servers. Once the files are executed, macros are launched to launch the attack.
Recently the threat actors used a chm file instead of a lnk file. The decoy file is a UI/UX designer job opportunity at LiveBank.
Impact
- Information Theft and Espionage
Indicators of Compromise
MD5
- 42e5cebc15f181647e79bcc19784d08d
SHA-256
- bdd109cba8346548dd6fe5110180aa23eb9f5805c90733025344a5881c15c985
SHA-1
- 0d57200895c572340857ebf2eb383dbc3a352d43
Remediation
- Block all the threat indicators at your respective controls.
- Search for IOCs in your environment.