logo_SVG-01
✕
  • Platform
    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    • Managed Security Services
    • Managed Penetration Testing
  • Services
    • Assess
      • Compromise Assessment
      • Advanced Persistent Threats Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      • SOC Maturity Assessment
      • SOC Model Evaluation
      • SOC Gap Analysis
      • SIEM Gap Analysis
      • SIEM Optimization
      • SOC Content Pack
    • Train
      • Simulated Cyber Attack Exercise
      • Tabletop Exercise
      • Security Awareness and Training
    • Respond
      • Incident Analysis
      • Incident Response
  • Solutions
  • Resources
    • Blogs
    • Press Releases
    • Threat Insights
      • Threat Intelligence Reports
      • Threat Advisories
      • Monthly Threat Insights
  • Why Rewterz?
    • About Us
    • Careers
    • Contact
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Rewterz Threat Alert – APT-C-35 aka Donot Team – Active IOCs

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    May 25, 2023
    Rewterz
    May 25, 2023
    Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
    Severity High Analysis Summary The STOP/DJVU ransomware initially made headlines in 2018 and has since been attacking individuals all around the world. It’s widespread on torrent […]
    May 24, 2023
    Rewterz
    May 24, 2023
    Rewterz Threat Advisory – CVE-2023-30440 – IBM PowerVM Hypervisor Vulnerability
    Severity Medium Analysis Summary CVE-2023-30440 IBM PowerVM Hypervisor could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to […]
    May 24, 2023
    Rewterz
    May 24, 2023
    Rewterz Threat Advisory – CVE-2023-33246 – Apache RocketMQ Vulnerability
    Severity High Analysis Summary CVE-2023-33246 Apache RocketMQ could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw when using the […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Rewterz Threat Alert – APT-C-35 aka Donot Team – Active IOCs

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    May 25, 2023
    Rewterz
    May 25, 2023
    Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
    Severity High Analysis Summary The STOP/DJVU ransomware initially made headlines in 2018 and has since been attacking individuals all around the world. It’s widespread on torrent […]
    May 24, 2023
    Rewterz
    May 24, 2023
    Rewterz Threat Advisory – CVE-2023-30440 – IBM PowerVM Hypervisor Vulnerability
    Severity Medium Analysis Summary CVE-2023-30440 IBM PowerVM Hypervisor could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to […]
    May 24, 2023
    Rewterz
    May 24, 2023
    Rewterz Threat Advisory – CVE-2023-33246 – Apache RocketMQ Vulnerability
    Severity High Analysis Summary CVE-2023-33246 Apache RocketMQ could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw when using the […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
Rewterz
Rewterz Threat Advisory – Multiple Intel QAT Engine and Driver Vulnerabilities
May 11, 2023
Rewterz
Rewterz Threat Advisory – Multiple Intel Processors Vulnerabilities
May 11, 2023

Rewterz Threat Alert – APT-C-35 aka Donot Team – Active IOCs

May 11, 2023

Severity

High

Analysis Summary

APT-C-35 (also known as “Donot APT Group”) is a cyber espionage group that has been active since at least 2013. The group is known for conducting cyber espionage and intellectual property theft, targeting government and military organizations, as well as companies in the aerospace, defense, and high-tech industries. Their activities have been observed in several countries, including the United States, Europe, and Asia.

They previously targeted Pakistani users with android malware named (StealJob) which was used to target Pakistani android mobile users by Phishing under the name of “Kashmiri Voice”. The attackers hunt for confidential information and intellectual property. The hackers’ targets include countries in South Asia, in particular, the state sector of Pakistan. Also, in July 2022, the threat actor of this APT group used Comodo’s certificate to sign its spyware. The group is known for using a variety of tactics, techniques, and procedures (TTPs) in their attacks, which include the use of spear-phishing emails, malware, and custom-developed tools. Donot APT group is known to be a well-funded and well-resourced group, with a high level of technical skill. They are also known to use techniques to evade detection, such as using encryption and fileless malware.

Previously, the DoNot APT group is targeting individuals in South Asia using Android malware. The group seems to be using third-party file-sharing websites, as well as potentially their own file-sharing online platform, as a delivery mechanism for their malware.

In their recent campaign, the Donot APT group is using a lure related to CVE-2023-2033 to entice their victims into downloading a malicious file disguised as an updated version of Google Chrome. 

It is important for organizations to be aware of the threat posed by Donot APT group and to take steps to protect themselves from their attacks. This includes implementing security best practices, such as regular software updates and patching, and providing employee training on how to spot and avoid phishing emails. Additionally, organizations should also consider implementing security tools such as intrusion detection and prevention systems (IDPS), endpoint protection platforms (EPP), and advanced threat intelligence (ATI) to detect and respond to Donot APT group’s activities.

Impact

  • Information Theft and Espionage

Indicators of Compromise

MD5

  • 8a6a6f8bdb1088a921d972a43e2d33bd
  • bb2d300a7ddd51eafca52d794e2af510
  • 0836a7debb1d5631a212150a0c6a83dd

SHA-256

  • ffe60f49d81ac0ade1c1fe1f571a150b9c0b4d5803db773ffbd6af8fe50a9f60
  • 98934f9cbf0caf25ebfe882e838456000fb1f80588f7310f8937b11088c42ed5
  • 0cc2f7736d48007d2978a1340b8c8a5f19219c22ff573826740d76103e7957b9

SHA-1

  • 875e145a72b0a1437aee4c666ffbdd38ddc10d35
  • e837f8c92b351f4e0fc2a276d06fb857f86bb73f
  • 1a6b01cd344a652a860d6d6a5c280c28e1a38c4f

Remediation

  • Block all threat indicators at your respective controls.
  • Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
  • Do not download documents attached in emails from unknown sources and strictly refrain from enabling macros when the source isn’t reliable.
  • Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using multi-layered protection is necessary to secure vulnerable assets
  • Along with network and system hardening, code hardening should be implemented within the organization so that their websites and software are secure. Use testing tools to detect any vulnerabilities in the deployed codes.

Platform

  • Rewterz XDR
  • Rewterz Defense
  • Rewterz Threat Intelligence

Managed Security Services

  • Managed Security Monitoring
  • Remote SOC
  • Onsite SOC
  • Hybrid SOC

Assess

  • Compromise Assessment
  • APT Assessment
  • Penetration Testing
  • Architecture Design & Review
  • Red Team Assessment
  • Purple Team Assessment
  • Social Engineering
  • Source Code Review

Transform

  • SOC Consultancy
  • SOC Maturity Assessment
  • SOC Model Evaluation
  • SOC Gap Analysis
  • SIEM Gap Analysis
  • SIEM Optimization
  • SOC Content Pack

Train

  • Simulated Cyber Attack Exercise
  • Tabletop Exercise
  • Security Awareness and Training

Respond

  • Incident Analysis
  • Incident Response

Threat Insights

  • Threat Advisories
  • Monthly Threat Insights
  • Threat Intelligence Reports

Resources

  • Blog
  • Press Releases

Connect With Us

  • Contact
  • Careers
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.
Get a Demo