Rewterz Threat Alert – FormBook Malware – Active IOCs
July 21, 2021Rewterz Threat Alert – Lazarus APT Group – Active IOCs
July 21, 2021Rewterz Threat Alert – FormBook Malware – Active IOCs
July 21, 2021Rewterz Threat Alert – Lazarus APT Group – Active IOCs
July 21, 2021Severity
High
Analysis Summary
APT C-35 aka (Donot Team) has been actively dropping malicious files for template injection. The group has a history of attacking Pakistani government officials and military personnel and has been linked to India. They previously targeted Pakistani users with android malware named (StealJob) was used to target Pakistani android mobile users by Phishing on the name of “Kashmiri Voice” The attackers hunt for confidential information and intellectual property. The hackers’ targets include countries in South Asia, in particular, the state sector of Pakistan.
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- Mecaller[.]apk
MD5
- 2f803af6ce0ed3c948763bb261453b27
- 5b4b63a374d5e1dbb476f40a32e1bf6c
SHA-256
- fdb67688d92900226bf834ce67f4112f03e981611ee50e9c3102636574b05280
- 3a7e30efd0a283ef764dfa5762fcb1aacca031b18084b49b993ae7b20ec31dd0
SHA-1
- 305a33091fc484cbdfb4367744cdc5373b9dfc40
- 420da87f056f2d2f2c3a137620d9bcb2b3f065fc
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.