Rewterz Threat Alert – APT34 (OilRig) – IoCs
March 11, 2021Rewterz Threat Advisory – Linux Kernel Multiple Security Vulnerabilities
March 12, 2021Rewterz Threat Alert – APT34 (OilRig) – IoCs
March 11, 2021Rewterz Threat Advisory – Linux Kernel Multiple Security Vulnerabilities
March 12, 2021Severity
High
Analysis Summary
APT C-35 aka (Donot Team) has been actively dropping malicious RTF sample for template injection. The group has a history of attacking Pakistani government officials and military personnel and has been linked to India. They previously targeted Pakistani users with android malware named (StealJob) was used to target Pakistani android mobile users by Phishing on the name of “Kashmiri Voice” The attackers hunt for confidential information and intellectual property. The hackers’ targets include countries in South Asia, in particular, state sector of Pakistan.
Impact
Information theft and espionage
Indicators of Compromise
Filename
- Email Address – Chief of Defence Staff Office[.]xls
MD5
- 55a1d0d10a66be988aa7a16445627845
SHA-256
- e82a17c9c0936de0c50267a296b801d1d7073293ad93b444eb63f336ebb46330
SHA1
- bfc1faee369ff31a8db569a52a09c25bca945575
URL
- http[:]//firm[.]tplinkupdates[.]space/8ujdfuyer8d8f7d98jreerje
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.