Rewterz Threat Advisory – ICS: Siemens Simcenter Femap Vulnerability
March 21, 2022Rewterz Threat Alert – APT Group Gamaredon – Active IOCs
March 21, 2022Rewterz Threat Advisory – ICS: Siemens Simcenter Femap Vulnerability
March 21, 2022Rewterz Threat Alert – APT Group Gamaredon – Active IOCs
March 21, 2022Severity
High
Analysis Summary
Donot APT group has been actively dropping malicious samples and targeting Government users to exfiltrate data. The group has previously been active in the past and has now again shifted its focus to phishing campaigns. The group has a history of attacking Pakistani government officials and military personnel and has been linked to India. They previously targeted Pakistani users with android malware named (StealJob) was used to target Pakistani android mobile users by Phishing on the name of “Kashmiri Voice” The attackers hunt for confidential information and intellectual property. The hackers’ targets include countries in South Asia, in particular, the state sector of Pakistan.
Impact
- Information Theft and Espionage
Indicators of Compromise
Domain Name
- deathstroke[.]xyz
Filename
- Utensils List(1)[.]doc
MD5
- 17f2f054205849b71cec3258709afd83
SHA-256
- 2d6ced810b45358b89ee180f69697569723f54d28872e4d4451766407295d59b
SHA-1
- 632df000e8f49c5a90570defd4831c7a52645f72
URL
- http[:]//deathstroke[.]xyz/WRLm4mYD0p6iWCta/CoETln2BYtPHtY9W[.]php
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.