Rewterz

Rewterz Threat Alert – North Korean Trojan: HOPLIGHT

Severity

High

Analysis Summary

The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about an ongoing Trojan malware campaign, believed to be launched by the North Korean government.

CISA's analysis showed that HOPLIGHT can read, write and move files; create and terminate system processes and inject data into them; create, start and stop Windows services; and modify the Windows Registry. CISA also observed that HOPLIGHT can connect to remote network hosts and upload files to, and download files from, those hosts.

Impact

  • Exposure of sensitive information
  • Data manipulation

Indicators of Compromise

IP

  • 112[.]175[.]92[.]57
  • 113[.]114[.]117[.]122
  • 117[.]239[.]241[.]2
  • 119[.]18[.]230[.]253
  • 128[.]200[.]115[.]228
  • 137[.]139[.]135[.]151
  • 14[.]140[.]116[.]172
  • 181[.]39[.]135[.]126
  • 186[.]169[.]2[.]237
  • 195[.]158[.]234[.]60
  • 197[.]211[.]212[.]59
  • 21[.]252[.]107[.]198
  • 210[.]137[.]6[.]37
  • 218[.]255[.]24[.]226
  • 221[.]138[.]17[.]152
  • 26[.]165[.]218[.]44
  • 47[.]206[.]4[.]145
  • 70[.]224[.]36[.]194
  • 81[.]94[.]192[.]10
  • 81[.]94[.]192[.]147
  • 84[.]49[.]242[.]125
  • 97[.]90[.]44[.]200

SHA256

  • 05feed9762bc46b47a7dc5c469add9f163c16df4ddaafe81983a628da5714461
  • 0608e411348905145a267a9beaf5cd3527f11f95c4afde4c45998f066f418571
  • 084b21bc32ee19af98f85aee8204a148032ce7eabef668481b919195dd62b319
  • 12480585e08855109c5972e85d99cda7701fe992bc1754f1a0736f1eebcb004d
  • 1a01b8a4c505db70f9e199337ce7f497b3dd42f25ad06487e29385580bca3676
  • 2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525
  • 32ec329301aa4547b4ef4800159940feb950785f1ab68d85a14d363e0ff2bc11
  • 4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761
  • 4c372df691fc699552f81c3d3937729f1dde2a2393f36c92ccc2bd2a033a0818
  • 70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3
  • 73dcb7639c1f81d3f7c4931d32787bdf07bd98550888c4b29b1058b2d5a7ca33
  • 83228075a604e955d59edc760e4c4ed16eedabfc8f6ac291cf21b4fcbcd1f70a
  • 8a1d57ee05d29a730864299376b830a7e127f089e500e148d96d0868b7c5b520
  • b05aae59b3c1d024b19c88448811debef1eada2f51761a5c41e70da3db7615a9
  • b9a26a569257fbe02c10d3735587f10ee58e4281dba43474dbdef4ace8ea7101
  • c66ef8652e15b579b409170658c95d35cfd6231c7ce030b172692f911e7dcff8
  • d77fdabe17cdba62a8e728cbe6c740e2c2e541072501f77988674e07a05dfb39
  • ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d
  • f8f7720785f7e75bd6407ac2acd63f90ab6c2907d3619162dc41a8ffa40a5d03
  • fe43bc385b30796f5e2d94dfa720903c70e66bc91dfdcfb2f3986a1fea3fe8c5

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious of emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
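To act on the first remediation item, the indicators above have to be refanged and then matched against what your controls actually see. The following is an added example, not code from Rewterz or CISA: it refangs a subset of the alert's IPs and SHA256 hashes, runs them over constructed firewall log lines and a constructed file-hash inventory, and shows two pitfalls a practitioner hits in practice (substring matches such as 97.90.44.200 inside 197.90.44.200, and hash exports in mixed case). The log lines, file paths and the `SAMPLE_*` structures are constructed for illustration; only the indicator values come from the alert.

```python
"""Refang the IoCs from this alert and match them against constructed sample
data: firewall log lines for the listed IPs and a file-hash inventory for the
SHA256 values. Added example; the sample data below is constructed."""
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# A subset of the alert's IP indicators, copied in defanged form.
DEFANGED_IPS = [
    "112[.]175[.]92[.]57",
    "113[.]114[.]117[.]122",
    "117[.]239[.]241[.]2",
    "218[.]255[.]24[.]226",
    "97[.]90[.]44[.]200",
]

# A subset of the alert's SHA256 indicators (stored lower-case).
SHA256_IOCS = {
    "05feed9762bc46b47a7dc5c469add9f163c16df4ddaafe81983a628da5714461",
    "0608e411348905145a267a9beaf5cd3527f11f95c4afde4c45998f066f418571",
    "fe43bc385b30796f5e2d94dfa720903c70e66bc91dfdcfb2f3986a1fea3fe8c5",
}


def refang(indicator: str) -> str:
    """Turn '1[.]2[.]3[.]4' (and an hxxp:// scheme) back into a usable value."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


IP_IOCS = {refang(ip) for ip in DEFANGED_IPS}

# Match whole IPv4 literals only; each hit is then looked up in the IoC set, so
# 97.90.44.200 cannot match inside 197.90.44.200 the way a substring check would.
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def match_ip_logs(lines: Iterable[str]) -> List[Tuple[int, str, str]]:
    """Return (line_no, ip, line) for every log line that touches an alert IP."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for ip in _IPV4.findall(line):
            if ip in IP_IOCS:
                hits.append((n, ip, line))
    return hits


def sha256_of(data: bytes) -> str:
    """SHA256 hex digest of file contents, for building your own inventory."""
    return hashlib.sha256(data).hexdigest()


def match_hash_inventory(inventory: Dict[str, str]) -> List[str]:
    """inventory maps a file path to its SHA256 as exported by an EDR or
    file-integrity tool; case is normalised before the lookup."""
    return [path for path, digest in inventory.items()
            if digest.strip().lower() in SHA256_IOCS]


# Constructed sample firewall log lines (not real traffic).
SAMPLE_LOGS = [
    "2019-11-01T08:12:03Z allow src=10.0.4.21 dst=13.107.42.16 dport=443",
    "2019-11-01T08:12:09Z allow src=10.0.4.21 dst=112.175.92.57 dport=443",
    "2019-11-01T08:13:44Z allow src=10.0.4.37 dst=197.90.44.200 dport=80",
    "2019-11-01T08:14:01Z deny  src=10.0.4.37 dst=218.255.24.226 dport=8080",
]

# Constructed sample hash inventory; the second entry reuses an alert hash in
# upper case to mimic a tool that exports digests that way.
SAMPLE_INVENTORY = {
    r"C:\Windows\System32\notepad.exe": sha256_of(b"constructed benign content"),
    r"C:\Users\Public\update.exe":
        "05feed9762bc46b47a7dc5c469add9f163c16df4ddaafe81983a628da5714461".upper(),
}

if __name__ == "__main__":
    for n, ip, line in match_ip_logs(SAMPLE_LOGS):
        print(f"line {n}: contact with alert IP {ip}: {line}")
    for path in match_hash_inventory(SAMPLE_INVENTORY):
        print(f"file matches alert SHA256: {path}")
```

Feed `match_ip_logs` the lines of your own proxy or firewall export and `match_hash_inventory` a path-to-SHA256 mapping from your endpoint tooling; both return plain lists so they can drop straight into a ticket or SIEM enrichment step.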