Rewterz Threat Alert – Active Agent Tesla Campaign Targeting Financial Sector

November 29, 2021

Rewterz Threat Advisory – Multiple QNAP QVR Vulnerabilities

November 30, 2021

Rewterz Threat Alert – Lazarus APT Group – Active IOCs

November 29, 2021

Severity

High

Analysis Summary

Following samples of Lazarus group aka Guardians of Peace, a state-sponsored North Korean threat actor group targeting financial organizations for their gains have been active again and actively targeting different organizations via phishing emails dropping malicious word documents which enables macro when downloaded and executed. The malicious file suspected of being used as an attachment has the name idahelper.dll. Previously these campaigns were specifically crafted to target Russian organizations but now they’ve shifted their tilt towards Asia pacific region

Impact

Information theft and espionage
Exposure of sensitive data

Indicators of Compromise

Filename

북한의 최근 정세와 우리의 안보[.]doc (Recent Situation in North Korea and Our
Security[.]doc)

MD5

baa9b34f152076ecc4e01e35ecc2de18

SHA-256

700db4ae28f53782d239e83db189c7c956b06f61e04cb4a55ff4bc759faa170e

SHA-1

a6805a3c7b3b451098389fa6d78c8387ad1a6cce

Remediation

Always be suspicious about emails sent by unknown senders.
Never click on links/attachments sent by unknown senders.
Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Remcos RAT – Active IOCs

Multiple Dell BSAFE SSL-J Vulnerabilities

Multiple Microsoft Windows Vulnerabilities Exploit in the Wild

Threat Insights

About Us

Our Leadership

CSR

Connect with Us