February 23, 2023
Severity
High
Analysis Summary
Patchwork is an Advanced Persistent Threat (APT) group that has been active since 2016. The group’s operations focus on South and Southeast Asia, with India being its primary target. Patchwork employs various tactics such as spearphishing, exploiting software vulnerabilities, deploying malicious documents or links and conducting open-source reconnaissance to gain access to victims’ systems.
Once inside a victim's network, the group attempts to maintain persistence by regularly creating new accounts, installing backdoors and other malicious tools, and carrying out further malicious activity. Patchwork has also been known to use social engineering techniques to locate and exfiltrate data from compromised systems, and to employ various evasion techniques to avoid detection by security solutions. In some cases, the group has remained undetected for extended periods of time.
Impact
- Information Theft
- Unauthorized Remote Access
Indicators of Compromise
MD5
- e38ea502192be6dd778454d05999c4b6
SHA-256
- 038da443e2ffc69b0c3d6bba7eab229166d1340ff07754fd51019d74a89b0c0b
SHA-1
- 2e509733aca368f81d4784a35110a7ef918778c9
Remediation
- Block all threat indicators at your respective controls.
- Search for the indicators of compromise (IOCs) listed above in your environment using your respective security controls.
- Do not download documents attached in emails from unknown sources and strictly refrain from enabling macros when the source isn’t reliable.
- Do not enable macros for untrusted files.
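The following script is an added example of the IOC search recommended above; it is not part of the original alert or of any Rewterz tooling. It embeds the three file hashes published in this alert, hashes every file under a directory in a single streaming pass, and reports any file whose MD5, SHA-1 or SHA-256 matches. The directory walked and the `PATCHWORK_IOCS` dictionary name are assumptions of this example; the hash values themselves are those listed in the alert.

```python
import hashlib
import os
import sys

# Hash indicators published in this alert, normalised to lower case.
PATCHWORK_IOCS = {
    "md5": {"e38ea502192be6dd778454d05999c4b6"},
    "sha1": {"2e509733aca368f81d4784a35110a7ef918778c9"},
    "sha256": {"038da443e2ffc69b0c3d6bba7eab229166d1340ff07754fd51019d74a89b0c0b"},
}


def hash_file(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of a file in one pass.

    The file is read in chunks so large files do not have to fit in memory,
    and all three digests are updated from the same read.
    """
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests, iocs=PATCHWORK_IOCS):
    """Return (algorithm, digest) pairs from `digests` that appear in the indicator set."""
    return [
        (algo, digests[algo].lower())
        for algo in ("md5", "sha1", "sha256")
        if digests.get(algo, "").lower() in iocs.get(algo, set())
    ]


def scan_tree(root, iocs=PATCHWORK_IOCS):
    """Walk a directory tree and return {path: [matches]} for files hitting any indicator.

    Files that cannot be read (permissions, transient locks) are skipped so a
    single unreadable file does not abort the whole sweep.
    """
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue
            matches = match_iocs(digests, iocs)
            if matches:
                hits[path] = matches
    return hits


if __name__ == "__main__":
    # Usage: python ioc_scan.py /path/to/scan  (defaults to the current directory)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, matches in scan_tree(target).items():
        for algo, digest in matches:
            print(f"MATCH {path} {algo}={digest}")
```

Hash matching only catches the exact samples listed; treat a match as a high-confidence hit and the absence of matches as no evidence either way, since the group is known to change tooling. Feed the same indicator set to EDR and mail-gateway blocklists rather than relying on a one-off filesystem sweep.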