
Rewterz Threat Alert – New Molerats Malware Targets Governments in the Middle East – Active IOCs

Severity

Medium

Analysis Summary

A malware called LastConn is being distributed by TA402, a threat actor also known as Molerats. The malware targeted government institutions in the Middle East and global government organizations associated with geopolitics in the region. TA402 is a Middle Eastern advanced persistent threat (APT) group that often targets entities in Israel and Palestine, in addition to other regions in the Middle East. In campaigns identified throughout 2021, TA402 leveraged Middle Eastern geopolitical themes, including the ongoing conflict in the Gaza Strip. The custom malware implant identified by Proofpoint enables the threat actor to conduct reconnaissance on the target host and exfiltrate data. TA402 used multiple mechanisms to avoid automated threat analysis, including geofencing based on IP addresses, only targeting computers with Arabic language packs installed, and password-protected archive files to distribute the malware.


Impact

  • Credential Theft
  • Data Exfiltration

Indicators of Compromise


Remediation

  • Block all threat indicators at your respective controls
  • Search for IOCs in your environment
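One way to carry out the "Search for IOCs in your environment" step, as an added example that is not part of the advisory: a small Python sweep that accepts the advisory's MD5, SHA-1 and SHA-256 lists pasted as-is (bullets, mixed case and duplicate entries are normalised away), hashes each file once with all three algorithms, and reports matches. The IoC list is assumed to be pasted from the advisory; the `demo()` run uses a constructed benign file and a constructed IoC list.

```python
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List, Tuple

# Hex-digest length -> algorithm, for the three hash types the advisory lists.
ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
HEX = set("0123456789abcdef")

def load_iocs(raw: Iterable[str]) -> Dict[str, set]:
    """Normalise a pasted list: strip bullets, lowercase, dedupe, bucket by algorithm."""
    buckets: Dict[str, set] = {name: set() for name in ALGO_BY_LEN.values()}
    for line in raw:
        value = line.strip().lstrip("•-*").strip().lower()
        algo = ALGO_BY_LEN.get(len(value))
        if algo and set(value) <= HEX:        # ignore anything that is not a hex digest
            buckets[algo].add(value)
    return buckets

def digest_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Read the file once and compute MD5, SHA-1 and SHA-256 together."""
    hashers = {name: hashlib.new(name) for name in ALGO_BY_LEN.values()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def sweep(root: str, iocs: Dict[str, set]) -> List[Tuple[str, str, str]]:
    """Walk root; return (path, algorithm, digest) for each file matching an IoC."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = digest_file(path)
            except OSError:                    # unreadable or locked file: skip, keep going
                continue
            hits.extend((path, a, d) for a, d in digests.items() if d in iocs[a])
    return hits

def demo() -> Tuple[List[Tuple[str, str, str]], str]:
    """Constructed run: one benign temp file whose SHA-256 is placed in a constructed
    IoC list that also holds a duplicate, an unrelated MD5 and a non-hash line."""
    root = tempfile.mkdtemp()
    sample = os.path.join(root, "sample.bin")
    with open(sample, "wb") as fh:
        fh.write(b"constructed sample, not malware")
    sha = digest_file(sample)["sha256"]
    iocs = load_iocs(["• " + sha.upper(), "• " + sha, "• " + "a" * 32, "not a hash"])
    return sweep(root, iocs), sha
```

Point `sweep()` at the directories you want to check and pass `load_iocs()` the lines copied from the advisory; each hit names the file, the algorithm and the matching digest.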