Rewterz Threat Alert – Ryuk Ransomware – Active IOCs
August 2, 2022Rewterz Threat Alert – Evilnum APT Group – Active IOCs
August 3, 2022Rewterz Threat Alert – Ryuk Ransomware – Active IOCs
August 2, 2022Rewterz Threat Alert – Evilnum APT Group – Active IOCs
August 3, 2022Severity
High
Analysis Summary
DangerousPassword is a Chinese APT group that targets cryptocurrency companies. Found in 2018, the threat group uses decoy files with topics like “job description”, “project risk profile”, “monthly business report”, etc. With a hefty number of domain names, Dangerous Password issues decoy files to organizations in Asia and Europe. The group uses phishing emails to deliver Trojan files that impersonate Google, Microsoft, and other servers. Once the files are executed, macros are launched to launch the attack.
Impact
- Information Theft and Espionage
Indicators of Compromise
MD5
- 92316f57336eff3efef51dabc723b5dd
SHA-256
- b94a13586828f8f3474f7b89755f5e7615ff946efd510a4cca350e6e1b4af440
SHA-1
- 25c01dc8c7244eff3d3c1539e5ef43b2072396f8
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/ attachments sent by unknown senders.