
Rewterz Threat Alert – APT group Kimsuky – Active IOCs

June 8, 2021

Severity

High

Analysis Summary

The North Korean advanced persistent threat (APT) group Kimsuky has been observed distributing a fake Korea Internet & Security Agency (KISA) app through malicious emails. A mobile malware researcher shared details of a counterfeit Android app posing as a KISA "vaccine" (the Korean term for an antivirus or security program). Once the target downloads the APK attached to the email and installs it, the malicious code runs in the background without the user's knowledge and harvests sensitive information from the device.


Impact

  • Watering hole attacks
  • Keyloggers
  • Remote Access Connections

Indicators of Compromise

MD5

  • e7caf25de7ce463a6f22ecb8689389ad

SHA-256

  • fe1a734019f0dc714bd3360e2369853ea97c02f108afe963769318934470967b

SHA-1

  • 16b3487022b674040227afc8979ffedd2f70b67e

URL

  • hxxp[:]//app[.]at-me[.]ml/index[.]php
  • hxxp[:]//app[.]at-me[.]ml/index[.]php?m=c&p1=3666e8b2182d8249
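
The indicators above are published defanged (hxxp, [.] and [:]), so they cannot be pasted straight into a hash lookup or a proxy search. The following is an added example, not code from Rewterz or from the advisory, showing how a responder would refang the URL indicators, compare a suspect APK's MD5/SHA-1/SHA-256 against the listed hashes, and sweep proxy logs for requests to the C2 host. The Squid-style log lines are constructed for the example; the refang helper assumes only the three defanging forms used in this advisory.

```python
"""Match suspect files and proxy logs against the Kimsuky fake-KISA-app IOCs."""
import hashlib
import re
from urllib.parse import urlsplit

# IOCs exactly as published in the advisory (defanged form).
ADVISORY_HASHES = {
    "md5": "e7caf25de7ce463a6f22ecb8689389ad",
    "sha1": "16b3487022b674040227afc8979ffedd2f70b67e",
    "sha256": "fe1a734019f0dc714bd3360e2369853ea97c02f108afe963769318934470967b",
}
ADVISORY_URLS = [
    "hxxp[:]//app[.]at-me[.]ml/index[.]php",
    "hxxp[:]//app[.]at-me[.]ml/index[.]php?m=c&p1=3666e8b2182d8249",
]

# Constructed Squid-style proxy lines for the demo; not real traffic.
SAMPLE_PROXY_LOG = [
    "1623139459.123 45 10.0.0.12 TCP_MISS/200 512 GET http://app.at-me.ml/index.php?m=c&p1=3666e8b2182d8249 - HIER_DIRECT/203.0.113.5 text/html",
    "1623139460.001 12 10.0.0.13 TCP_MISS/200 2048 GET http://www.example.com/ - HIER_DIRECT/93.184.216.34 text/html",
    "1623139461.550 30 10.0.0.14 TCP_MISS/200 300 GET HTTP://APP.AT-ME.ML/index.php - HIER_DIRECT/203.0.113.5 text/html",
]


def refang(ioc: str) -> str:
    """Turn a defanged indicator (hxxp, [:] and [.]) back into its live form."""
    return ioc.replace("hxxp", "http").replace("[:]", ":").replace("[.]", ".")


def ioc_hosts(urls) -> set:
    """Lower-cased hostnames extracted from the advisory's URL indicators."""
    return {urlsplit(refang(u)).hostname.lower() for u in urls}


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 hex digests of a file body, keyed like ADVISORY_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str) -> dict:
    """Same digests for a file on disk, streamed so large APKs are not read into memory."""
    h = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for d in h.values():
                d.update(chunk)
    return {alg: d.hexdigest() for alg, d in h.items()}


def matching_algorithms(digests: dict, known: dict = ADVISORY_HASHES) -> set:
    """Which hash algorithms (if any) tie the digests to a known sample."""
    return {alg for alg, hexval in known.items()
            if digests.get(alg, "").lower() == hexval.lower()}


_URL_RE = re.compile(r"https?://([^/\s:]+)", re.IGNORECASE)


def scan_proxy_log(lines, hosts) -> list:
    """Return (line_index, host) for each line whose request host is an IOC host or a subdomain of one."""
    hits = []
    for i, line in enumerate(lines):
        for m in _URL_RE.finditer(line):
            h = m.group(1).lower()
            if any(h == bad or h.endswith("." + bad) for bad in hosts):
                hits.append((i, h))
                break
    return hits


if __name__ == "__main__":
    hosts = ioc_hosts(ADVISORY_URLS)
    print("C2 hosts:", sorted(hosts))
    for idx, host in scan_proxy_log(SAMPLE_PROXY_LOG, hosts):
        print(f"line {idx}: request to {host}")
    # For a real triage: print(matching_algorithms(hash_file("suspect.apk")))
```

Matching is done on the host rather than the full URL because the second indicator carries a query string (`m=c&p1=...`) that may not repeat verbatim in other victims' traffic; a hit on `app.at-me.ml` alone is enough to pull the client for investigation.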

Remediation

  • Keep your operating system and applications updated.
  • Install mobile applications only from trusted application stores; never sideload an APK that arrives as an email attachment or link, even if it claims to come from an official body such as KISA.
  • Enable two-factor authentication on the accounts reachable from the device.
  • Block the listed URLs at the web proxy and search endpoint and email telemetry for the listed hashes.

COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.