Rewterz Threat Alert – Lazarus Maldoc, Reuse of Lures

October 9, 2019

Severity

High

Analysis Summary

Lazarus have been active again are targeting different countries and organizations. Some samples of their activity were analyzed by a group of researchers. The malware is linked to Lazarus, a reportedly North Korean group of attackers. One malicious document appears to be targeting members of a recent G20 Financial Meeting, seeking coordination of the economic policies between the wealthiest countries. Another is reportedly related to the recent theft of $30 million from the Bithumb crypto-currency exchange in South Korea.

Impact

Financial loss

Indicators of Compromise

Malware Hash

6016cbecb94edbfebb3d1596d159733485504d09e08295d2a5893a0c19f8e28f
5f0425a95c4024f1d7d2f61e7ece50eb
a04c2f08531a04b66fe59c7e790a6a20892100e0
130e62b9b5c34d2e57bae42410378d78091e0c32a955c37b1191befb2ea427c0
fbe120b245942b6eeb360311b549e160
938ad782320855ffa8daabf48def77a57dac3e80

Remediation

Block all threat indicators at your respective controls.
Always be suspicious about emails sent by unknown senders.
Never click on the links/attachments sent by unknown senders.

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

iOS Activation Bug Allows Unauthenticated XML Injection

Critical Threat: Gunra Ransomware Targets Critical Sectors Worldwide – Active IOCs

Lyrix Ransomware – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Ongoing njRAT Campaign Against Middle East

Here’s how VPNs can be Exploited by Attackers

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.