Severity
High
Analysis Summary
Several malicious documents posted by Twitter users between May and July 2021 have been attributed to the Lazarus group. Documents observed in earlier campaigns lured victims with job offers purportedly from Boeing and BAE Systems. All of these documents contain macro malware built to steal information from the victim. The current lures impersonate defense contractors and engineering companies such as Airbus, General Motors (GM), and Rheinmetall.
Impact
- Information theft and espionage.
- Exposure of sensitive data.
Indicators of Compromise
Domain Name
- shopweblive[.]com
Filename
- rheinmetall_job_requirements[.]doc
- general_motors_cars[.]doc
- Airbus_job_opportunity_confidential[.]doc
MD5
- cb1ae1de9487edd65c2201f1f4a36e3c
- f86fb4a63cdff302af2ccf2b2663d757
- 648dea285e282467c78ac184ad98fd77
- 4fb3bd661331b10fbd01e5f3e72f476c
- d4a8923414daf0fe1ac7eed22645dff3
- a9e277f7fa7b5b4cc9236175754ffd11
- 0198aef369ed3da11469972d51eec9
- 0a25ad6a8b1d7d5432c44b27667804f5
- b7dbb3bef80d04e4b8981ab4011f4bfe
- 0a23a291685f06c99c00aff627a5916f
- 5bc9e1ae539728e7568e3f149c2da61b
- 1417f890248f193bb241f6b458ae4a97
- 9e54e1a831824f2cca3bbc2d8c5db108
SHA-256
- e6dff9a5f74fff3a95e2dcb48b81b05af5cf5be73823d56c10eee80c8f17c845
- ffec6e6d4e314f64f5d31c62024252abde7f77acdd63991cb16923ff17828885
- 8e1746829851d28c555c143ce62283bc011bbd2acfa60909566339118c9c5c97
- 294acafed42c6a4f546486636b4859c074e53d74be049df99932804be048f42c
- 65f7211c3d7fde25154b4226a7bef0712579e0093020510f6a4bb4912a674695
- ebd6663d1df8228684a0b2146b68ce10169fc41c5e91c443fdf6f844f5ffeb62
- 97515b70184f4553e5ae6b51d06a148b30d0a6632c077b98ad320e3c27cfd96f
- f5563f0e63d9deed90b683a15ebd2a1fda6b72987742afb40a1202ddb9e867d0
- 3b33b0739107411b978c3cbafb312a44b7488bd7adabae3e7b02059240b6dc83
- f53d4b3eb76851e88c6f30f1ecc67796bbd6678b8e2e9bc0a8f2582c42a467c6
- 9362425ae690b5bf74782eafe959195f25ac8bad370794efd4a08048141efb32
- 5c206b4dc2d3a25205176da9a1129c9f814c030a7bac245e3aaf7dd5d3ca4fbe
- 1690ce43530acf725f33aa30f715855d226d63276557d0e33fbcaf9b5ff9b84c
SHA-1
- 80cb89663d148dd302301e9f66b37d1c3de91a59
- 3d57c7680f3f9351164f75a7d477a815e39b0389
- 5c194ec7cfe33dd738fca71adf960c85e6ed7646
- 905f448dec32c96f5aa887a5085450f35381de5e
- c4dbed62be7a08603861589ee65e6b0a2366d927
- c84cf71f08e69e6518a4a3dde6d12627b582a161
- fbe67fa79b541f8ab7c1995fd95c17b8984b5d2d
- 1a83f382948ba7c8deaeb259ff674443b1f113f1
- 8a3cad10d3f3fa07be7752296b017b6a367082c0
- 3a079ebbb7efba0fd8b1caebbead27e7d78d47a6
- 5d435c8eb4c34f713dbc28d1b3852e55ccb30b30
- b2dfcbd8c3966ebed9275db7b14e359412db9963
- fb51917fde7984628f5b96f72229511c7879abac
Remediation
- Block all threat indicators at their respective controls (web proxy, DNS, mail gateway, endpoint).
- Search for the IOCs (file hashes, filenames, and domain) in your environment.
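A defender's sweep for the indicators listed above, as an added example that is not part of the Rewterz advisory: it refangs the defanged values, hashes every file under a directory in one pass (MD5, SHA-1 and SHA-256 together, so each file is read once), matches on hash or lure filename, and checks DNS/proxy log lines for the listed domain as a whole host label rather than a substring. The hash, filename and domain values are copied from this page; the directory layout, the sample files and the log lines are constructed for the demo.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Indicators copied from the advisory above. The defanged filename and
# domain values are normalised by refang() below before matching.
IOC_MD5 = {
    "cb1ae1de9487edd65c2201f1f4a36e3c", "f86fb4a63cdff302af2ccf2b2663d757",
    "648dea285e282467c78ac184ad98fd77", "4fb3bd661331b10fbd01e5f3e72f476c",
    "d4a8923414daf0fe1ac7eed22645dff3", "a9e277f7fa7b5b4cc9236175754ffd11",
    "0198aef369ed3da11469972d51eec9", "0a25ad6a8b1d7d5432c44b27667804f5",
    "b7dbb3bef80d04e4b8981ab4011f4bfe", "0a23a291685f06c99c00aff627a5916f",
    "5bc9e1ae539728e7568e3f149c2da61b", "1417f890248f193bb241f6b458ae4a97",
    "9e54e1a831824f2cca3bbc2d8c5db108",
}
IOC_SHA1 = {
    "80cb89663d148dd302301e9f66b37d1c3de91a59", "3d57c7680f3f9351164f75a7d477a815e39b0389",
    "5c194ec7cfe33dd738fca71adf960c85e6ed7646", "905f448dec32c96f5aa887a5085450f35381de5e",
    "c4dbed62be7a08603861589ee65e6b0a2366d927", "c84cf71f08e69e6518a4a3dde6d12627b582a161",
    "fbe67fa79b541f8ab7c1995fd95c17b8984b5d2d", "1a83f382948ba7c8deaeb259ff674443b1f113f1",
    "8a3cad10d3f3fa07be7752296b017b6a367082c0", "3a079ebbb7efba0fd8b1caebbead27e7d78d47a6",
    "5d435c8eb4c34f713dbc28d1b3852e55ccb30b30", "b2dfcbd8c3966ebed9275db7b14e359412db9963",
    "fb51917fde7984628f5b96f72229511c7879abac",
}
IOC_SHA256 = {
    "e6dff9a5f74fff3a95e2dcb48b81b05af5cf5be73823d56c10eee80c8f17c845",
    "ffec6e6d4e314f64f5d31c62024252abde7f77acdd63991cb16923ff17828885",
    "8e1746829851d28c555c143ce62283bc011bbd2acfa60909566339118c9c5c97",
    "294acafed42c6a4f546486636b4859c074e53d74be049df99932804be048f42c",
    "65f7211c3d7fde25154b4226a7bef0712579e0093020510f6a4bb4912a674695",
    "ebd6663d1df8228684a0b2146b68ce10169fc41c5e91c443fdf6f844f5ffeb62",
    "97515b70184f4553e5ae6b51d06a148b30d0a6632c077b98ad320e3c27cfd96f",
    "f5563f0e63d9deed90b683a15ebd2a1fda6b72987742afb40a1202ddb9e867d0",
    "3b33b0739107411b978c3cbafb312a44b7488bd7adabae3e7b02059240b6dc83",
    "f53d4b3eb76851e88c6f30f1ecc67796bbd6678b8e2e9bc0a8f2582c42a467c6",
    "9362425ae690b5bf74782eafe959195f25ac8bad370794efd4a08048141efb32",
    "5c206b4dc2d3a25205176da9a1129c9f814c030a7bac245e3aaf7dd5d3ca4fbe",
    "1690ce43530acf725f33aa30f715855d226d63276557d0e33fbcaf9b5ff9b84c",
}


def refang(value: str) -> str:
    """Turn a defanged indicator such as 'shopweblive[.]com' into a matchable, lower-cased string."""
    return value.replace("[.]", ".").lower()


IOC_FILENAMES = {refang(n) for n in (
    "rheinmetall_job_requirements[.]doc", "general_motors_cars[.]doc",
    "Airbus_job_opportunity_confidential[.]doc")}
IOC_DOMAINS = {refang("shopweblive[.]com")}


def file_hashes(path):
    """Return (md5, sha1, sha256) hex digests, reading the file only once."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in (md5, sha1, sha256):
                h.update(chunk)
    return md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def scan_directory(root):
    """Walk `root`; report files whose hash or lure filename matches an indicator."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        md5, sha1, sha256 = file_hashes(path)
        if md5 in IOC_MD5 or sha1 in IOC_SHA1 or sha256 in IOC_SHA256:
            findings.append((str(path), "hash match"))
        elif path.name.lower() in IOC_FILENAMES:
            findings.append((str(path), "filename match"))
    return findings


def scan_dns_log(lines):
    """Report log lines that query the IOC domain or a subdomain of it (not look-alike hosts)."""
    hits = []
    for line in lines:
        tokens = re.findall(r"[a-z0-9.-]+", line.lower())
        if any(t == d or t.endswith("." + d) for t in tokens for d in IOC_DOMAINS):
            hits.append(line.strip())
    return hits


def demo():
    """Run both sweeps over constructed data; returns (file findings, log hits)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_bytes(b"constructed benign sample")
        # Constructed stand-in for a lure: matches on name only, not on hash.
        (root / "general_motors_cars.doc").write_bytes(b"constructed sample, not the real document")
        findings = scan_directory(root)
    log = [  # constructed resolver log lines
        "2021-07-20T10:00:01 client=10.0.0.5 query=shopweblive.com type=A",
        "2021-07-20T10:00:02 client=10.0.0.5 query=www.example.com type=A",
        "2021-07-20T10:00:03 client=10.0.0.7 query=myshopweblive.com type=A",
    ]
    return findings, scan_dns_log(log)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Run it as-is to see the two result lists; point `scan_directory()` at a user profile or mail download folder and feed `scan_dns_log()` your resolver or proxy export for a real sweep. Hash matching is exact, so a recompiled or re-saved lure will not match on digest; the filename check and the domain block at the proxy are what catch those variants.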