Rewterz Threat Alert – Formbook Malware – Active IoCs
April 6, 2021Rewterz Threat Alert – Malicious Covid-19 URLs
April 7, 2021Rewterz Threat Alert – Formbook Malware – Active IoCs
April 6, 2021Rewterz Threat Alert – Malicious Covid-19 URLs
April 7, 2021Severity
High
Analysis Summary
APT C-35 aka (Donot Team) has been actively dropping malicious files for template injection. The group has a history of attacking Pakistani government officials and military personnel and has been linked to India. They
previously targeted Pakistani users with android malware named (StealJob) was used to target Pakistani android mobile users by Phishing on the name of “Kashmiri Voice” The attackers hunt for confidential information and intellectual property. The hackers’ targets include countries in South Asia, in particular, state sector of Pakistan.
Impact
- Information theft and espionage
- Exposure of sensitive data
Indicators of Compromise
Filename
Defence proposal 2021-2022[.]doc
MD5
82e3981303bee2eff6d1af17ad51eb32
SHA-256
801402ffa0f0db6cc8fc74c68c4b707a625205f25bc2c379f6a8b8329231eb56
SHA1
fbc8064399008fe20f350f0de5e4bbf5833847c7
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.