Rewterz Threat Alert – APT Group Lazarus Targeting Different Sectors

Severity

High

Analysis Summary

Several documents surfaced by Twitter users between May and July 2021 have been attributed to the Lazarus group. Documents seen in earlier campaigns lured targets with job offers at Boeing and BAE Systems. All of these documents carry malicious macros built to steal information from the victim. The current wave impersonates defense contractors and engineering companies, including Airbus, General Motors (GM) and Rheinmetall.

Impact

  • Information theft and espionage.
  • Exposure of sensitive data.

Indicators of Compromise

Domain Name

  • shopweblive[.]com

Filename

  • rheinmetall_job_requirements[.]doc
  • general_motors_cars[.]doc
  • Airbus_job_opportunity_confidential[.]doc

MD5

  • cb1ae1de9487edd65c2201f1f4a36e3c
  • f86fb4a63cdff302af2ccf2b2663d757
  • 648dea285e282467c78ac184ad98fd77
  • 4fb3bd661331b10fbd01e5f3e72f476c
  • d4a8923414daf0fe1ac7eed22645dff3
  • a9e277f7fa7b5b4cc9236175754ffd11
  • 0198aef369ed3da11469972d51eec9
  • 0a25ad6a8b1d7d5432c44b27667804f5
  • b7dbb3bef80d04e4b8981ab4011f4bfe
  • 0a23a291685f06c99c00aff627a5916f
  • 5bc9e1ae539728e7568e3f149c2da61b
  • 1417f890248f193bb241f6b458ae4a97
  • 9e54e1a831824f2cca3bbc2d8c5db108

SHA-256

  • e6dff9a5f74fff3a95e2dcb48b81b05af5cf5be73823d56c10eee80c8f17c845
  • ffec6e6d4e314f64f5d31c62024252abde7f77acdd63991cb16923ff17828885
  • 8e1746829851d28c555c143ce62283bc011bbd2acfa60909566339118c9c5c97
  • 294acafed42c6a4f546486636b4859c074e53d74be049df99932804be048f42c
  • 65f7211c3d7fde25154b4226a7bef0712579e0093020510f6a4bb4912a674695
  • ebd6663d1df8228684a0b2146b68ce10169fc41c5e91c443fdf6f844f5ffeb62
  • 97515b70184f4553e5ae6b51d06a148b30d0a6632c077b98ad320e3c27cfd96f
  • f5563f0e63d9deed90b683a15ebd2a1fda6b72987742afb40a1202ddb9e867d0
  • 3b33b0739107411b978c3cbafb312a44b7488bd7adabae3e7b02059240b6dc83
  • f53d4b3eb76851e88c6f30f1ecc67796bbd6678b8e2e9bc0a8f2582c42a467c6
  • 9362425ae690b5bf74782eafe959195f25ac8bad370794efd4a08048141efb32
  • 5c206b4dc2d3a25205176da9a1129c9f814c030a7bac245e3aaf7dd5d3ca4fbe
  • 1690ce43530acf725f33aa30f715855d226d63276557d0e33fbcaf9b5ff9b84c

SHA-1

  • 80cb89663d148dd302301e9f66b37d1c3de91a59
  • 3d57c7680f3f9351164f75a7d477a815e39b0389
  • 5c194ec7cfe33dd738fca71adf960c85e6ed7646
  • 905f448dec32c96f5aa887a5085450f35381de5e
  • c4dbed62be7a08603861589ee65e6b0a2366d927
  • c84cf71f08e69e6518a4a3dde6d12627b582a161
  • fbe67fa79b541f8ab7c1995fd95c17b8984b5d2d
  • 1a83f382948ba7c8deaeb259ff674443b1f113f1
  • 8a3cad10d3f3fa07be7752296b017b6a367082c0
  • 3a079ebbb7efba0fd8b1caebbead27e7d78d47a6
  • 5d435c8eb4c34f713dbc28d1b3852e55ccb30b30
  • b2dfcbd8c3966ebed9275db7b14e359412db9963
  • fb51917fde7984628f5b96f72229511c7879abac

Remediation

  • Block all threat indicators at their respective controls.
  • Search for the IOCs listed above in your environment.
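The following script is an added example of the "search for IOCs" step and is not part of the Rewterz advisory. It loads the indicators printed above (defanging removed), walks a directory tree, hashes every file with MD5, SHA-1 and SHA-256, and reports files whose digest or lure filename matches; it also normalises a hostname and checks it against the listed domain. The `run_demo` routine builds a small constructed sample tree (a benign text file and a file named like one of the lures but with made-up contents) so the sweep can be exercised offline; the sample files and the temporary directory are assumptions of this example, not artefacts from the campaign.

```python
"""Hash- and name-based sweep for the Lazarus lure documents listed in this advisory (added example)."""
import hashlib
import shutil
import tempfile
from pathlib import Path

# Indicators copied from the advisory above, with "[.]" defanging removed.
IOC_DOMAINS = {"shopweblive.com"}
IOC_FILENAMES = {
    "rheinmetall_job_requirements.doc",
    "general_motors_cars.doc",
    "airbus_job_opportunity_confidential.doc",
}
IOC_MD5 = {
    "cb1ae1de9487edd65c2201f1f4a36e3c", "f86fb4a63cdff302af2ccf2b2663d757",
    "648dea285e282467c78ac184ad98fd77", "4fb3bd661331b10fbd01e5f3e72f476c",
    "d4a8923414daf0fe1ac7eed22645dff3", "a9e277f7fa7b5b4cc9236175754ffd11",
    "0198aef369ed3da11469972d51eec9",  # printed with 30 hex digits in the advisory; kept as published
    "0a25ad6a8b1d7d5432c44b27667804f5", "b7dbb3bef80d04e4b8981ab4011f4bfe",
    "0a23a291685f06c99c00aff627a5916f", "5bc9e1ae539728e7568e3f149c2da61b",
    "1417f890248f193bb241f6b458ae4a97", "9e54e1a831824f2cca3bbc2d8c5db108",
}
IOC_SHA1 = {
    "80cb89663d148dd302301e9f66b37d1c3de91a59", "3d57c7680f3f9351164f75a7d477a815e39b0389",
    "5c194ec7cfe33dd738fca71adf960c85e6ed7646", "905f448dec32c96f5aa887a5085450f35381de5e",
    "c4dbed62be7a08603861589ee65e6b0a2366d927", "c84cf71f08e69e6518a4a3dde6d12627b582a161",
    "fbe67fa79b541f8ab7c1995fd95c17b8984b5d2d", "1a83f382948ba7c8deaeb259ff674443b1f113f1",
    "8a3cad10d3f3fa07be7752296b017b6a367082c0", "3a079ebbb7efba0fd8b1caebbead27e7d78d47a6",
    "5d435c8eb4c34f713dbc28d1b3852e55ccb30b30", "b2dfcbd8c3966ebed9275db7b14e359412db9963",
    "fb51917fde7984628f5b96f72229511c7879abac",
}
IOC_SHA256 = {
    "e6dff9a5f74fff3a95e2dcb48b81b05af5cf5be73823d56c10eee80c8f17c845",
    "ffec6e6d4e314f64f5d31c62024252abde7f77acdd63991cb16923ff17828885",
    "8e1746829851d28c555c143ce62283bc011bbd2acfa60909566339118c9c5c97",
    "294acafed42c6a4f546486636b4859c074e53d74be049df99932804be048f42c",
    "65f7211c3d7fde25154b4226a7bef0712579e0093020510f6a4bb4912a674695",
    "ebd6663d1df8228684a0b2146b68ce10169fc41c5e91c443fdf6f844f5ffeb62",
    "97515b70184f4553e5ae6b51d06a148b30d0a6632c077b98ad320e3c27cfd96f",
    "f5563f0e63d9deed90b683a15ebd2a1fda6b72987742afb40a1202ddb9e867d0",
    "3b33b0739107411b978c3cbafb312a44b7488bd7adabae3e7b02059240b6dc83",
    "f53d4b3eb76851e88c6f30f1ecc67796bbd6678b8e2e9bc0a8f2582c42a467c6",
    "9362425ae690b5bf74782eafe959195f25ac8bad370794efd4a08048141efb32",
    "5c206b4dc2d3a25205176da9a1129c9f814c030a7bac245e3aaf7dd5d3ca4fbe",
    "1690ce43530acf725f33aa30f715855d226d63276557d0e33fbcaf9b5ff9b84c",
}
HASH_TABLES = (("md5", IOC_MD5), ("sha1", IOC_SHA1), ("sha256", IOC_SHA256))


def refang(indicator: str) -> str:
    """Turn a defanged indicator ("shopweblive[.]com") back into a matchable, lower-cased form."""
    return indicator.replace("[.]", ".").strip().lower()


def _hashers():
    return {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}


def digest_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory blob, keyed by algorithm name."""
    hashers = _hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path) -> dict:
    """Hex digests of a file, read in 1 MiB chunks so large files do not need to fit in memory."""
    hashers = _hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests: dict) -> list:
    """Return (algorithm, digest) pairs that appear in the advisory's hash lists (case-insensitive)."""
    hits = []
    for algo, table in HASH_TABLES:
        value = digests.get(algo, "").lower()
        if value in table:
            hits.append((algo, value))
    return hits


def match_filename(name: str) -> bool:
    return name.lower() in IOC_FILENAMES


def match_domain(host: str) -> bool:
    """True for the listed domain itself or any subdomain of it; "notshopweblive.com" must not match."""
    host = refang(host).rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)


def scan_tree(root) -> list:
    """Walk a directory and return sorted (relative path, [hits]) for every file that matches an IOC."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        hits = match_hashes(hash_file(path))
        if match_filename(path.name):
            hits.append(("filename", path.name))
        if hits:
            findings.append((str(path.relative_to(root)), hits))
    return sorted(findings)


def run_demo() -> list:
    """Constructed sample tree (assumption of this example): one lure-named file with made-up
    contents and one benign file. Only the filename indicator should fire."""
    root = tempfile.mkdtemp()
    try:
        (Path(root) / "downloads").mkdir()
        (Path(root) / "downloads" / "Airbus_job_opportunity_confidential.doc").write_bytes(
            b"constructed sample, not the real lure document")
        (Path(root) / "notes.txt").write_bytes(b"benign constructed file")
        return scan_tree(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for rel_path, hits in run_demo():
        print(rel_path, hits)
```

Point `scan_tree` at mail attachment stores, user download folders and Office temp directories rather than the whole disk; a filename match alone is a weak signal (the lure names are generic enough to collide with legitimate files), so treat it as a cue to pull the file for macro analysis, while a digest match against the lists above is a confirmed hit. The MD5 entry printed with only 30 hex digits can never match a real digest, so rely on the SHA-1 and SHA-256 columns for that sample.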