November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – FIN7 APT – Active IOCs
July 29, 2022Rewterz Threat Alert – IcedID banking Trojan – Active IOCs
July 31, 2022Rewterz Threat Alert – FIN7 APT – Active IOCs
July 29, 2022Rewterz Threat Alert – IcedID banking Trojan – Active IOCs
July 31, 2022
Severity
High
Analysis Summary
DangerousPassword is a Chinese APT group that targets cryptocurrency companies. Found in 2018, the threat group uses decoy files with topics like “job description”, “project risk profile”, “monthly business report”, etc. With a hefty number of domain names, Dangerous Password issues decoy files to organizations in Asia and Europe. The group uses phishing emails to deliver Trojan files that impersonate Google, Microsoft, and other servers. Once the files are executed, macros are launched to launch the attack.
Impact
- Information Theft and Espionage
Indicators of Compromise
MD5
- 8f8a920885362729949e9914f0763734
SHA-256
- c285bf15a83133b231afddbbcfe1c35932d0c1ccd4b066a24bd1756a9ccec6d9
SHA-1
- 74c2c24b9e129ff902a68c5c9f9f8fb73f72d9a1
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/ attachments sent by unknown senders.