Rewterz

Rewterz Threat Alert – APT32 Ocean Lotus – IOCs

August 12, 2021
Rewterz

Rewterz Threat Alert – DanaBot Trojan – Active IOCs

August 13, 2021

Rewterz Threat Alert – Kimsuky APT Group – Active IOCs

Severity

High

Analysis Summary

The North Korean advanced persistent threat (APT) group Kimsuky has been found to be distributing a fake Korean Internet and Security Agency (KISA) app via malicious emails. A mobile malware researcher has shared information about a fake KISA vaccine or a security android app disguised as the KISA security program. When the target downloads the APK implanted file from the email and installs the application on his device, the malicious code does its job. It executes in the background without the target’s knowledge and collects sensitive information from his device

advisory-1628831055.png

Impact

  • Watering hole attacks
  • Keyloggers
  • Remote Access Connections

Indicators of Compromise

Filename

  • BIO 양식[.]docx

MD5

  • 134a9de780f1b99288bc38d6c483762c

SHA-256

  • f7daf33176edeb7ca8840733171e15e5809c00cc3e94dd346660a026f3b36097

SHA-1

  • d0a263843cc7391ba321596747849128cf17e00d

Remediation

  • Search for IOCs in your environment.
  • Block all threat indicators at their respective controls.
  • Always be suspicious about emails sent by unknown senders.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.