August 27, 2021
Severity
High
Analysis Summary
NetWire is a remote access Trojan (RAT) built around credential theft and keylogging, combined with remote control of the infected host. It has been used by criminal groups since 2012 and is distributed mainly through social engineering campaigns (malspam), either as the primary payload or as a later stage of another malware chain; recently it has been delivered as the second-stage payload of GuLoader phishing waves carrying malicious Microsoft Word documents. The operators send emails with malicious attachments to large numbers of recipients and rely on at least some of them opening the file. Once the victim opens the attachment, the NetWire payload is fetched and executed on the victim's machine. The attachment types most often used are PDF, Word, and disk image (IMG) files.
Impact
- Information Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- f13ea972b900402696a1f51fb1bf5df7
- 4bcc352698b1e1ad6be66d1b91b9a26c
- ebf758901fb663efbefb029119f1268d
- 786bdb27f2eca2315e8c36302630dab8
- adfcea78d75201b3e076ad5cd5e03024
- efa94719f0d14b3f8f330e5c7949dd2f
SHA-256
- 25cf559d1de914a23563ad710eb291840283e5e9963b3941e51799220cc09ea5
- 7ce5e8a8e1662576b886631f8ad09bed03a917bcad5fb8714e9b116fe66fcbf1
- 8da08a2702d91029011f6aa8d209c706e2763dd10af4597953af58e14bca1677
- 460834ec55aa694ab0d984921534e5b7111bcb024abb36f7bace052fdeb448e5
- 6ca83be643d77af8da636b80200781881cb6c4a9a1ad60d910c65d354478b7db
- 98f868900b27ba82ac18f919dc551ea15dc310813eb1538ebf2d0ab3afaa8328
SHA-1
- 9c65c21911835ecf925bf63c251fed98bc9b3023
- 99aaec93bd913e1c583c1ead8186e722c21bb958
- b5927738a9cb79fd87a52425c527ec4823cb9812
- 5522bef42cb4d78d5a3096383cf7300513b4e142
- 078a991833264fbd26fbe36368a8e5b7d80451fd
- 6232070998c6d992941b4a5be9008efaf4af2370
Remediation
- Block the hashes listed above at your respective controls (endpoint protection, mail gateway, proxy) and sweep endpoints for files matching them.
- Treat emails from unknown senders with suspicion, particularly those carrying PDF, Word or disk image (IMG) attachments, which are the lures this campaign uses.
- Never open attachments or follow links sent by unknown senders.
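The first remediation item is a hash-matching task. The following is an added example, not part of the Rewterz advisory: it loads the MD5, SHA-1 and SHA-256 indicators listed above, hashes every file under a directory in a single pass and reports any match. The hash values are copied from the advisory; the function names, the `NETWIRE_IOCS` constant and the command-line usage are assumptions of this example.

```python
"""Hash-based IOC sweep for the NetWire indicators listed in this advisory.

Added example: the hash values are copied from the advisory; everything
else (function names, CLI usage) is an assumption of this example.
"""
import hashlib
import os
import sys
from pathlib import Path
from typing import Dict, Iterable, Iterator, List, Set, Tuple

# MD5, SHA-1 and SHA-256 values from the Indicators of Compromise section above.
NETWIRE_IOCS = """
f13ea972b900402696a1f51fb1bf5df7
4bcc352698b1e1ad6be66d1b91b9a26c
ebf758901fb663efbefb029119f1268d
786bdb27f2eca2315e8c36302630dab8
adfcea78d75201b3e076ad5cd5e03024
efa94719f0d14b3f8f330e5c7949dd2f
25cf559d1de914a23563ad710eb291840283e5e9963b3941e51799220cc09ea5
7ce5e8a8e1662576b886631f8ad09bed03a917bcad5fb8714e9b116fe66fcbf1
8da08a2702d91029011f6aa8d209c706e2763dd10af4597953af58e14bca1677
460834ec55aa694ab0d984921534e5b7111bcb024abb36f7bace052fdeb448e5
6ca83be643d77af8da636b80200781881cb6c4a9a1ad60d910c65d354478b7db
98f868900b27ba82ac18f919dc551ea15dc310813eb1538ebf2d0ab3afaa8328
9c65c21911835ecf925bf63c251fed98bc9b3023
99aaec93bd913e1c583c1ead8186e722c21bb958
b5927738a9cb79fd87a52425c527ec4823cb9812
5522bef42cb4d78d5a3096383cf7300513b4e142
078a991833264fbd26fbe36368a8e5b7d80451fd
6232070998c6d992941b4a5be9008efaf4af2370
"""

# Hex digest length identifies the algorithm; an unknown length or a non-hex
# token is a copy/paste error in the feed and is rejected rather than ignored.
_LENGTH_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256"}


def load_iocs(text: str) -> Dict[str, Set[str]]:
    """Parse one hash per line (a leading '- ' bullet is tolerated) into per-algorithm sets."""
    iocs: Dict[str, Set[str]] = {algo: set() for algo in _LENGTH_TO_ALGO.values()}
    for raw in text.splitlines():
        token = raw.strip().lstrip("- ").lower()
        if not token:
            continue
        algo = _LENGTH_TO_ALGO.get(len(token))
        if algo is None or any(c not in "0123456789abcdef" for c in token):
            raise ValueError(f"not a recognised hash: {token!r}")
        iocs[algo].add(token)
    return iocs


def hash_file(path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute MD5, SHA-1 and SHA-256 in one streamed read of the file."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}


def scan_paths(paths: Iterable, iocs: Dict[str, Set[str]]) -> List[Tuple[str, str, str]]:
    """Return (path, algorithm, digest) for every file whose digest appears in the IOC sets."""
    hits: List[Tuple[str, str, str]] = []
    for path in paths:
        try:
            digests = hash_file(path)
        except OSError:
            continue  # locked, missing or unreadable file: skip it, do not abort the sweep
        for algo, value in digests.items():
            if value in iocs[algo]:
                hits.append((str(path), algo, value))
    return hits


def iter_files(root) -> Iterator[Path]:
    """Walk a directory tree without following symlinks (os.walk default)."""
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            yield Path(dirpath) / name


if __name__ == "__main__":
    root = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    for hit_path, algo, value in scan_paths(iter_files(root), load_iocs(NETWIRE_IOCS)):
        print(f"MATCH {algo} {value} {hit_path}")
```

Run it as `python netwire_ioc_scan.py /path/to/scan`. File-hash matching only identifies these exact samples: a clean sweep means these samples are absent, not that the host is free of NetWire, so pair it with the mail-filtering controls above.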