
Rewterz Threat Alert – North Korean Trojan: HOPLIGHT

Severity

High

Analysis Summary

The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about an ongoing Trojan malware campaign, believed to be launched by the North Korean government.

Analysis by CISA showed that HOPLIGHT can also read, write and move files, create and terminate system processes, and inject data into those processes. The malware can also create, start and stop Windows services and modify the Registry configuration database. CISA observed that HOPLIGHT can connect to remote network hosts and upload and download files to and from them.

Impact

  • Exposure of sensitive information
  • Data manipulation

Indicators of Compromise

IP


SHA256


Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious of email from unknown senders.
  • Never click links or open attachments sent by unknown senders.
