Rewterz Threat Alert – GandCrab Ransomware – IoCs

September 12, 2019

Rewterz Threat Alert – NetCat – Intel Server CPUs Side Channel Vulnerability

September 13, 2019

Rewterz Threat Alert – Thrip Continues To Hit High Level Targets In South Asia

September 12, 2019

Severity

High

Analysis Summary

Thrip group, the stealthy China-based espionage group has continued to mount attacks in South East Asia, hitting military organizations, satellite communications operators, and a diverse range of other targets in the region. Thrip has been hitting the same types of organizations as when Symantec researchers first discovered the group in June 2018. What caught the researchers’ attention last year was the group’s targeting of a satellite communications operator, infecting computers that included software designed to monitor and control satellites.

Many of its recent attacks have involved a previously unseen backdoor known as Hannotog (Backdoor.Hannotog) and another backdoor known as Sagerunex (Backdoor.Sagerunex). Analysis of the latter has revealed close links to another long-established espionage group called Billbug (aka Lotus Blossom). In all likelihood, Thrip and Billbug now appear to be one and the same.

Thrip appears to be part of another nation-state backed hacking gang called Billbug or Lotus Blossom that has been operating in Southeast Asia for the past 10 years, the researchers say.

Impact

Exposure of sensitive information

Indicators of Compromise

Malware Hash (MD5/SHA1/SH256)

9348eba0582b19c4580491a32457a1904c41c06dee27ed07c86d986d3c98d15c
bd92ce8ef31cd40894b68338d9b71d371936b432b5347d944fad7d9381459761
0d1ecd92570b8ca7b2ffd60271c5f601c08a822197413cf4ffd552a7e2426ff6
19378dab8b242d94148ad5c48d57d9e45fec5f53b6724155488dd80566a66623
1e164da9ddd19d0b654e8a60b416c80e82f9bfc0ab35dd262733f4364610c9f4
27ccd12206d185bf3297df288febf7d47b93ccdc6ec0e5c389ae30da8cac4bf3
460e11159413b47399aac530433bb00132f54e3859da1f5305977275e37c6153
5174d45c4e64c5e6abe6639a6a1d6f64bb48b4fb0efdad2b0ea708be7cb82fce
523f28a364858bd7bb65de7c9e94bbdfbbdb9fe800421c990226662e293a05ea
76a309691661ed67808a9c438815e9a282495e2e8e0055f2fe40e42bcf002dab
868f0a1d3764e1c8e03a58caf1d4b8de946671d59b9145e30102ab6540349968
9530d2df7d340c74f061a1bff87bd2720ff11347b09f05cfb16e4dfd198f0168
9fd88a5d30fa36d8353cad6ea8b5f867429d39652bf85473de31c39466435775
c0be532e9fb71e0462f9bfdc8754df320be960b9d510a0b3b6d6cf128c537658
d45ad71497f48d0d2ebff8ecdcafc9e609b550c0ed76d540d7660dc27785d376
d54de8e0dc2b58b140f8677be3f0ea3c902dc3f3b112c7350aa95a9cbe24a8af
d7c6aa114df9be3a1e01c196ca44e929821d6a6316f4754b0933189f98af4fc7
fe2046e479289b1013eb394f5b3d7a49a419cb98015add3ead0fa87614fe6e38
3228a0d40222548ea3476b43b13a18ef09f06a4402e3280640ee297533b5a3a0
6b236d3fc54d36e6dc2a26299f6ded597058fed7c9099f1a37716c5e4b162abc
d9131bf2e2e2a80c319ed6ffbe5c726fe30eac50902705096d2610de52a774e2
f14c9c859e12cf70099af098668f849b2ca0e99de6cc62b8569c230f35e36aa5
0fb583b98cb73bd1bda1d60398fc6587a9541fff43d4db6dd172b853dcac1b17
6b01d376b355c56ede966ccf5cca6c8d5616962e67bbf0ddbf7ad395d117fdee
db921a575fa7fd4b0c1b405a54f77d10c73eb1cb1384a27d584d7323e72938b6

Remediation

Block all threat indicators at your respective controls.
Always be suspicious about emails sent by unknown senders.
Never click on the link/attachments sent by unknown senders.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs

Rewterz Threat Advisory – CVE-2023-40363 – IBM InfoSphere Information Server Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us