Rewterz Threat Alert – APT Group Gamaredon – Active IOCs
August 5, 2022Rewterz Threat Alert – STOP/DJVU Ransomware – Active IOCs
August 8, 2022Rewterz Threat Alert – APT Group Gamaredon – Active IOCs
August 5, 2022Rewterz Threat Alert – STOP/DJVU Ransomware – Active IOCs
August 8, 2022Severity
High
Analysis Summary
DangerousPassword is a Chinese APT group that targets cryptocurrency companies. Found in 2018, the threat group uses decoy files with topics like “job description”, “project risk profile”, “monthly business report”, etc. With a hefty number of domain names, Dangerous Password issues decoy files to organizations in Asia and Europe. The group uses phishing emails to deliver Trojan files that impersonate Google, Microsoft, and other servers. Once the files are executed, macros are launched to launch the attack.
Impact
- Information Theft and Espionage
Indicators of Compromise
MD5
- 37f1c4dfbfc423130c851bc98cbab5d7
SHA-256
- 57099b79a9824765f8be07471ec33c4cc0799abd877637a2a85affc50e163b1b
SHA-1
- 8bc8aeab907c2294dda208d9b41b474afafa014f
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/ attachments sent by unknown senders.