Rewterz Threat Advisory – CVE-2021-41260 – Mozilla Thunderbird Vulnerability
December 21, 2021
Rewterz Threat Advisory – Zoho Zero-Day CVE-2021-44515 Exploited by Nation-State Actors
December 21, 2021
Severity
High
Analysis Summary
The Donot APT group is once again actively distributing malicious samples and targeting government users in order to exfiltrate data. The group, which has been linked to India, has a history of attacking Pakistani government officials and military personnel, and it has now shifted its focus back to phishing campaigns. In an earlier campaign it targeted Pakistani Android users with a malware family named StealJob, delivered through phishing lures themed around “Kashmiri Voice”. The attackers hunt for confidential information and intellectual property; their targets lie in South Asia, in particular the Pakistani state sector. The indicator listed below is an Android application package (APK), consistent with the group's earlier use of Android malware against Pakistani mobile users.
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- ZangiV4.apk
MD5
- 17dc60b6e307c7faf84bc85df6e14d3d
SHA-256
- a6b5dac9b67da3c2b96c13f3513ca1463f3d05096bf3a8083efea4eee0e11266
SHA-1
- 9f58ca083dd877a90130d2b5179757b47960fa4c
Remediation
- Block the listed file hashes and filename at the respective controls (endpoint protection, mobile device management, and email and web gateways).
- Search for the IOCs in your environment, including on managed Android devices, and investigate any host or device on which they are found.
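The sweep described in the remediation steps, as an added example that is not Rewterz's tooling: the script walks a directory tree, hashes every regular file with MD5, SHA-1 and SHA-256 in one pass, and reports files matching the advisory's hashes or filename. The three hashes and the filename are copied from the IOC section above; the function names, the directory layout, and the constructed sample file in `demo()` are assumptions made for illustration.

```python
"""Hash- and filename-based IOC sweep for the Donot APT indicators in this advisory.

Added example, not Rewterz's own tooling. The hashes and filename are copied
from the advisory; function names and the constructed sample are assumptions.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators copied from the advisory's IOC section.
DONOT_IOCS = {
    "filename": {"ZangiV4.apk"},
    "md5": {"17dc60b6e307c7faf84bc85df6e14d3d"},
    "sha1": {"9f58ca083dd877a90130d2b5179757b47960fa4c"},
    "sha256": {"a6b5dac9b67da3c2b96c13f3513ca1463f3d05096bf3a8083efea4eee0e11266"},
}


def file_hashes(path, chunk_size=1 << 20):
    """Return md5/sha1/sha256 hex digests of a file, reading it in 1 MiB chunks
    so large APKs or archives are not loaded into memory whole."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in digests.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def scan_directory(root, iocs=DONOT_IOCS):
    """Walk `root` and return [(path, reasons)] for files matching any IOC.

    A filename match alone is weak evidence (the name is trivially changed),
    so it is reported as its own reason and never implies a hash match.
    """
    known_names = {n.lower() for n in iocs["filename"]}
    matches = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if not path.is_file():
                continue  # skip sockets, FIFOs, dangling symlinks
            reasons = []
            if name.lower() in known_names:
                reasons.append("filename")
            try:
                hashes = file_hashes(path)
            except OSError:
                continue  # unreadable (permissions); log and move on in production
            for algo in ("md5", "sha1", "sha256"):
                if hashes[algo] in iocs[algo]:
                    reasons.append(algo)
            if reasons:
                matches.append((str(path), reasons))
    return matches


def build_iocs_for(path):
    """Derive an IOC set from a known-bad sample, e.g. to validate the sweep
    against a quarantined file before running it fleet-wide."""
    hashes = file_hashes(path)
    return {"filename": {Path(path).name}, **{k: {v} for k, v in hashes.items()}}


def demo():
    """Constructed demonstration: a harmless file named like the IOC is scanned
    against the advisory hashes (filename hit only) and against its own hashes."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "ZangiV4.apk"
        sample.write_bytes(b"constructed sample, not the real malware")
        (Path(tmp) / "notes.txt").write_bytes(b"benign content")
        by_name_only = scan_directory(tmp)                       # advisory hashes do not match
        full_match = scan_directory(tmp, build_iocs_for(sample))  # all four indicators match
    return {
        "by_name_only": [reasons for _, reasons in by_name_only],
        "full_match": [reasons for _, reasons in full_match],
    }


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, reasons in scan_directory(root):
        print(f"MATCH {path}: {', '.join(reasons)}")
```

Run it as `python sweep.py /path/to/files`; on a managed Android fleet the same hashes can be checked against APKs pulled with the MDM's file-collection feature. Because the advisory gives three hash algorithms, a match on any one is enough to confirm the file, while a filename-only hit should be triaged rather than treated as confirmation.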