April 28, 2021
Severity
High
Analysis Summary
The Donot APT group (APT-C-35) is an Advanced Persistent Threat actor that targets government bodies and organizations, historically in Asian countries including China, Pakistan, and other South Asian states. The group develops its malicious programs in several languages, including C++, Python, and .NET.
The group delivers malicious Android APKs and spreads its Windows malware through spear-phishing emails carrying weaponized attachments (exploit documents or malicious macros). The Android applications pose as system tools, mobile games, or news apps, and several are already flagged on VirusTotal. Once installed, they run trojan functions in the background, giving the remote operators control of the victim's device and access to credentials and other confidential information.
Impact
- Information theft and espionage
- Phishing
- Exposure of sensitive data
Indicators of Compromise
MD5
- fb0ed3144b8c62137e19ad455fe6dac7
- 0e8b8be7d31642a639602fb94d7dcf1e
- 03674b4f49ea0fef46fd83d5cdb27443
SHA-256
- e82d1f4f2960aef4142c32d7920b97700f2b5957bb4807bfcd59e586e71a33c0
- 11078777f863f3428ff52485320170724cf3e85346410c12bffa0f111da76869
- ed67380763eb982955cace9418d7695f8220eae270eee98afa38fc29ebd2d385
- 694d433a729b65993dae758e862077c2d82c92018e8e310e121e1fa051567dba
SHA-1
- ba93155bd0af40492f4aa9a5459b2586f6e08ccf
- 9ed0ad2e68c2fd374ee313e4bc0ad181ef053c2f
- 6c01fe16e8cffa3049e84707672b82dc32f1cf72
URL
- http[:]//idmquick[.]xyz/jack/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C[.]dot
Remediation
- Block the listed indicators (file hashes, the idmquick[.]xyz domain, and the full URL) at your respective controls, such as EDR, web proxy, and mail gateway; refang the defanged URL before entering it into a blocklist.
- Search for the IOCs in your environment, both as file hashes on endpoints and as the domain or URL in proxy, DNS, and mail logs.
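The two remediation steps above amount to a hunt: hash files on disk against the listed digests and look for the listed host in web logs. The script below is an added example written for this page, not Rewterz tooling; it embeds the alert's indicators, refangs the `[.]`/`[:]` notation, hashes every file under a directory with MD5, SHA-1 and SHA-256 in a single pass, and matches request hosts in proxy log lines. The log line format in `__main__` is constructed for illustration; adapt the regex to your proxy's format.

```python
"""Hunt for the Donot APT (APT-C-35) indicators listed in the alert above.

Added example for this page, not Rewterz tooling. The indicator values are
copied from the alert; the sample log lines below are constructed.
"""
import hashlib
import os
import re
from urllib.parse import urlparse

# Indicators from the alert, lower-cased so comparisons are case-insensitive.
IOC_HASHES = {
    "md5": {
        "fb0ed3144b8c62137e19ad455fe6dac7",
        "0e8b8be7d31642a639602fb94d7dcf1e",
        "03674b4f49ea0fef46fd83d5cdb27443",
    },
    "sha1": {
        "ba93155bd0af40492f4aa9a5459b2586f6e08ccf",
        "9ed0ad2e68c2fd374ee313e4bc0ad181ef053c2f",
        "6c01fe16e8cffa3049e84707672b82dc32f1cf72",
    },
    "sha256": {
        "e82d1f4f2960aef4142c32d7920b97700f2b5957bb4807bfcd59e586e71a33c0",
        "11078777f863f3428ff52485320170724cf3e85346410c12bffa0f111da76869",
        "ed67380763eb982955cace9418d7695f8220eae270eee98afa38fc29ebd2d385",
        "694d433a729b65993dae758e862077c2d82c92018e8e310e121e1fa051567dba",
    },
}
# Kept defanged exactly as published; refang() undoes the brackets before use.
IOC_URLS = {"http[:]//idmquick[.]xyz/jack/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C[.]dot"}


def refang(indicator: str) -> str:
    """Undo the [.] / [:] / hxxp defanging used in threat alerts."""
    return (indicator.replace("[.]", ".").replace("[:]", ":")
            .replace("hxxp", "http"))


def ioc_hosts(urls=IOC_URLS) -> set:
    """Hostnames of the listed URLs, refanged and lower-cased."""
    return {urlparse(refang(u)).hostname.lower() for u in urls}


def hash_file(path: str) -> dict:
    """Read the file once and compute all three digests the alert lists."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def scan_directory(root: str, iocs=IOC_HASHES) -> list:
    """Return (path, algorithm, digest) for every file matching a listed hash."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable file (locked, permissions, dangling symlink)
            for algo, digest in digests.items():
                if digest in iocs.get(algo, ()):
                    hits.append((path, algo, digest))
    return hits


# Captures the host part of any http(s) URL appearing in a log line.
HOST_RE = re.compile(r"https?://([^/\s:]+)", re.IGNORECASE)


def scan_proxy_log(lines, hosts=None) -> list:
    """Return the log lines whose request URL points at a listed host."""
    hosts = hosts if hosts is not None else ioc_hosts()
    hits = []
    for line in lines:
        for host in HOST_RE.findall(line):
            if host.lower() in hosts:
                hits.append(line)
                break
    return hits


if __name__ == "__main__":
    import sys
    # Constructed sample log: one benign request, one fetch of the listed .dot file.
    sample_log = [
        "2021-04-28T10:02:11Z 10.0.0.14 GET http://example.com/index.html 200",
        "2021-04-28T10:02:15Z 10.0.0.14 GET "
        "http://idmquick.xyz/jack/IvGRnMiDzgderQQteqNjNgKoIYqaLW6C.dot 200",
    ]
    for hit in scan_proxy_log(sample_log):
        print("URL IOC hit:", hit)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, algo, digest in scan_directory(root):
        print(f"hash IOC hit: {path} {algo}={digest}")
```

Run it as `python hunt_donot.py /path/to/scan`; the hash match is on the full digest set, so a single listed MD5, SHA-1 or SHA-256 is enough to flag a file even when the other two digests are not published. Host matching is deliberately case-insensitive and ignores the path, since a rotated payload name on the same domain is still a hit worth triaging.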