Rewterz Threat Alert – APT Group Lazarus

Rewterz Threat Alert – Latest Trickbot – IOCs

June 22, 2020

Rewterz Threat Alert – Nefilim/Nephilim Ransomware Campaign

June 22, 2020

Rewterz Threat Alert – APT Group Lazarus – IOCs

Severity

High

Analysis Summary

Following samples of Lazarus group, an state sponsored threat actor targeting financially organizations for their gains have been active again and actively targeting different organizations via phishing emails dropping malicious word documents which enables macro when downloaded and executed. Previously these campaigns were specifically crafted to target Russian organizations but now they’ve shifted their tilt towards Asia pacific region.

Impact

Credential theft
Financial loss
Exposure of sensitive information

Indicators of Compromise

MD5

18833939ade00657f8ea111c579d5c1b
b1913ca7a8e730a60bf498d3a056cfea
c984239172e847fcf57ccb906040cc0c

SHA-256

6d461bf3e3ca68b2d6d850322b79d5e3e647b0d515cb10449935bf6d77d7d5f2
6caa98870efd1097ee13ae9c21c6f6c9202a19ad049a9e65c60fce5c889dc4c8
c4875cc728e7c4bc00646df57c8c38370fe11439e4c95e38040ba84fe27eb0b9

SHA1

e00dcb35db80b84df6f8588783d2f1b50825b775
ac4d94ec5bafe46ad5a9b82bb1451883b8fb893b
1e960dd268a436bdeda44b2374208bd95089cd1d

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.