
Rewterz Threat Alert – Patchwork APT activity around South Asia

July 16, 2020

Severity

High

Analysis Summary

The “Moxa” APT group (APT-C-09), also known as HangOver, VICEROY TIGER, The Dropping Elephant and Patchwork, is an overseas APT organization from South Asia that has been active for more than 8 years. Recently captured samples show targeted attacks by the group against neighboring countries and regions. Among the samples captured, the group used a variety of methods: for example, a document exploiting the CVE-2017-0261 vulnerability disguised as a network security protocol of a country in South Asia, a macro-based sample disguised as an outbreak prevention guide, and executable files disguised as a Java runtime environment posted on a securities trading website in Pakistan. The group combined such malicious samples with current-affairs hot topics to launch multiple attacks on neighboring countries and regions.


The sample is an EPS exploit file. Once the victim opens the document and enables the content, the EPS script filter fltldr.exe renders the malicious EPS script and the malicious code is executed.
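As an added example that is not part of the advisory, the following detection logic flags the behaviour described above in process-creation telemetry: an Office application spawning the EPS filter fltldr.exe, and fltldr.exe spawning a child process. The event field names (Image, ParentImage) and the sample events are constructed assumptions, not a specific product's schema.

```python
"""Flag Office EPS-filter (fltldr.exe) activity in process-creation events.

Office launches fltldr.exe to render an embedded EPS image; a weaponised
EPS runs code inside that filter process. Two behaviours are worth an alert:
  1. an Office application spawning fltldr.exe at all (Microsoft turned the
     EPS filter off by default in the April 2017 Office updates),
  2. fltldr.exe spawning a child process, which a benign filter never does.
Field names are assumed (Sysmon-style), not a particular product's schema.
"""
import json
import ntpath
from typing import Iterable, Iterator, Optional, Tuple

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
EPS_FILTER = "fltldr.exe"


def _base(path: str) -> str:
    """Lower-cased file name of a Windows path (handles missing fields)."""
    return ntpath.basename(path or "").lower()


def classify(event: dict) -> Optional[str]:
    """Return an alert label for one process-creation event, or None."""
    image = _base(event.get("Image", ""))
    parent = _base(event.get("ParentImage", ""))
    if parent == EPS_FILTER:
        return "eps-filter-child-process"
    if image == EPS_FILTER and parent in OFFICE_APPS:
        return "office-spawned-eps-filter"
    return None


def scan(lines: Iterable[str]) -> Iterator[Tuple[str, dict]]:
    """Yield (label, event) for every JSON event line that matches a rule."""
    for line in lines:
        line = line.strip()
        if line:
            event = json.loads(line)
            label = classify(event)
            if label:
                yield label, event


# Constructed sample events (not taken from the advisory).
SAMPLE = r"""
{"Image":"C:\\Windows\\System32\\svchost.exe","ParentImage":"C:\\Windows\\System32\\services.exe"}
{"Image":"C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\FLTLDR.EXE","ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"}
{"Image":"C:\\Windows\\System32\\cmd.exe","ParentImage":"C:\\Program Files\\Common Files\\Microsoft Shared\\GRPHFLT\\FLTLDR.EXE"}
{"Image":"C:\\Windows\\explorer.exe","ParentImage":"C:\\Windows\\System32\\userinit.exe"}
"""

if __name__ == "__main__":
    for label, ev in scan(SAMPLE.splitlines()):
        print(label, _base(ev["Image"]), "<-", _base(ev["ParentImage"]))
```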

Impact

  • Credential theft
  • Exposure of sensitive data

Indicators of Compromise

Filename

  • National_Network_Security[.]docx
  • Covid19_Guidelines[.]doc


Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.