Rewterz Threat Alert – Lazarus Maldoc, Reuse of Lures

Rewterz Threat Alert – Ongoing njRAT Campaign Against Middle East

October 9, 2019

Here’s how VPNs can be Exploited by Attackers

October 9, 2019

Rewterz Threat Alert – Lazarus Maldoc, Reuse of Lures

Severity

High

Analysis Summary

Lazarus have been active again are targeting different countries and organizations. Some samples of their activity were analyzed by a group of researchers. The malware is linked to Lazarus, a reportedly North Korean group of attackers. One malicious document appears to be targeting members of a recent G20 Financial Meeting, seeking coordination of the economic policies between the wealthiest countries. Another is reportedly related to the recent theft of $30 million from the Bithumb crypto-currency exchange in South Korea.

Impact

Financial loss

Indicators of Compromise

Malware Hash

6016cbecb94edbfebb3d1596d159733485504d09e08295d2a5893a0c19f8e28f
5f0425a95c4024f1d7d2f61e7ece50eb
a04c2f08531a04b66fe59c7e790a6a20892100e0
130e62b9b5c34d2e57bae42410378d78091e0c32a955c37b1191befb2ea427c0
fbe120b245942b6eeb360311b549e160
938ad782320855ffa8daabf48def77a57dac3e80

Remediation

Block all threat indicators at your respective controls.
Always be suspicious about emails sent by unknown senders.
Never click on the links/attachments sent by unknown senders.

Rewterz Threat Alert – Ongoing njRAT Campaign Against Middle East

Here’s how VPNs can be Exploited by Attackers

Rewterz Threat Alert – Lazarus Maldoc, Reuse of Lures

Severity

Analysis Summary

Impact

Indicators of Compromise

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan