Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 22, 2023Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]September 22, 2023Severity Medium Analysis Summary First discovered in 2016, Revenge RAT is a remote access trojan (RAT) designed to give an attacker complete control over an infected […]September 22, 2023Severity High Analysis Summary The Konni APT (Advanced Persistent Threat) group is a cyber espionage group that has been active since at least 2014. It is […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – CVE-2023-22023 – Oracle Solaris Vulnerability
July 21, 2023Rewterz Threat Alert – Remcos RAT – Active IOCs
July 21, 2023
Severity
High
Analysis Summary
Patchwork is an Advanced Persistent Threat (APT) group that has been active since at least 2014. Patchwork primarily targets government, defense, and diplomatic organizations, as well as academic institutions, in South and Southeast Asia, including India, Pakistan, and Bangladesh. However, the group has also been known to target organizations in other regions, including Europe and North America.
The group is believed to be of Indian origin and has been linked to several cyber espionage campaigns. Patchwork has used a range of tactics, techniques, and procedures (TTPs) in its attacks. Once inside the networks, the group attempts to maintain persistence by regularly establishing new accounts, installing backdoors and other malicious tools, and performing malicious activities. Additionally, Patchwork has been known to employ social engineering techniques to track down and exfiltrate data from compromised systems. The group has also been known to use various evasion techniques in order to avoid detection by security solutions. In some cases, the group has been able to remain undetected for extended periods of time.
Overall, Patchwork is a sophisticated and persistent threat actor that poses a significant risk to targeted organizations. It is essential for organizations to have robust security measures in place to protect against these types of attacks, including regular software updates and employee awareness training.
Impact
- Information Theft
- Unauthorized Remote Access
Indicators of Compromise
MD5
- 5a2265017b8083d540f274f16038c6df
- 893060bff7da03f5555ecc9931d0c700
SHA-256
- 6ea87a23225a059716d8c31a142492013f598a162cb30f1c39ce7af80abcecaf
- a7acb7fa69f218475e06fb27dceac3f199b9cb7cbea07d01c0cfb220b465cbc4
SHA-1
- be14f19e4cc5b12fcc3a4a43d8ebafe74c9628e4
- 57084a2d38c9404f8df701d039cfb9dacafc455b
Remediation
- Block all threat indicators at your respective controls.
- Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
- Do not download documents attached in emails from unknown sources and strictly refrain from enabling macros when the source isn’t reliable.
- Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using multi-layered protection is necessary to secure vulnerable assets
- Along with network and system hardening, code hardening should be implemented within the organization so that their websites and software are secure. Use testing tools to detect any vulnerabilities in the deployed codes.