Rewterz Threat Advisory – Apache Tomcat code execution
March 2, 2021
Rewterz Threat Alert – Donot APT group – IOCs
March 2, 2021
Severity
High
Analysis Summary
The APT group known as StrongPity is back with a new campaign targeting users in different regions. The group has previously targeted the financial, industrial and educational sectors for data exfiltration and to look for any file or document on a victim's machine. The group is also known as Promethium, and its earliest attack activity can be traced back to 2012. The organization mainly targets Italy, Turkey, Belgium, Syria, Europe and other regions and countries.
Impact
- Data exfiltration
- Exposure of sensitive data
- Information theft and espionage
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.