Rewterz Threat Alert – Oski Data Stealer Malware – Active IOCs
June 30, 2021Rewterz Threat Alert – FormBook Malware – Active IOCs
June 30, 2021Rewterz Threat Alert – Oski Data Stealer Malware – Active IOCs
June 30, 2021Rewterz Threat Alert – FormBook Malware – Active IOCs
June 30, 2021Severity
High
Analysis Summary
APT C-35 aka (Donot Team) has been actively dropping malicious files for template injection. The group has a history of attacking Pakistani government officials and military personnel and has been linked to India. They previously targeted Pakistani users with android malware named (StealJob) was used to target Pakistani android mobile users by Phishing on the name of “Kashmiri Voice” The attackers hunt for confidential information and intellectual property. The hackers’ targets include countries in South Asia, in particular, the state sector of Pakistan.
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- Bride-Fun[.]apk
MD5
- 84506587a0aae1168e3e8c0f3ebb8b9c
SHA-256
- aadaf88e315592aae5c2255ad9acbc175a6b5eec5c69ab0c81099b84e66e04f8
SHA-1
- 9f6cfca7a98afab2677c63266bccbb956575b359
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.