Rewterz Threat Alert – Lazarus APT Group

Rewterz Threat Advisory – CVE-2020-12695 – CallStranger Vulnerability

June 9, 2020

Rewterz Threat Alert – Emissary Panda APT Group – IOCs

June 9, 2020

Rewterz Threat Alert – Lazarus APT Group – IOCs

Severity

High

Analysis Summary

Following samples of Lazarus group, an state sponsored threat actor targeting financially organizations for their gains have been active again and actively targeting different organizations via phishing emails dropping malicious word documents which enables macro when downloaded and executed. Previously these campaigns were specifically crafted to target Russian organizations but now they’ve shifted their tilt towards Asia pacific region.

Impact

Credential theft
Financial loss
Exposure of sensitive information

Indicators of Compromise

MD5

84aa5a019b9c50118a9a42a197358060
2142739359fd0c614ffe3e2fcbc8c89d

SHA-256

4dc302e1f7cf8bdc4983fdf02cf5b13bcd9314bb87953b9c6797187700192665
4a4224f6c898ead010964627a9dcee369eb6205afc52a23253eb1eb7349b020a

SHA1

e6b4362f843437789b2d7854a390a372a28ffc9a
9ca3d6e4c3efc58aa7775a68571e3933c32e43f4

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your respective environments.