Rewterz Threat Alert – ZLoader Banking Trojan Highly Active
December 1, 2020
Rewterz Threat Advisory – ICS: Schneider Electric EcoStruxure Operator Terminal Expert runtime
December 2, 2020
Severity
High
Analysis Summary
The two APT groups Kimsuky and Konni overlap in a bait document targeting Indonesia, a Southeast Asian country. The motive of the groups remains unknown at this point, but the Indonesian-language document is dropped via a phishing email.
The malicious Word document contains both North Korean and South Korean fonts; testing was done with the North Korean font and the attack was initiated with the South Korean font. Both groups have targeted Southeast Asian countries in their latest attack chain, and Vietnam and other Southeast Asian countries were targeted previously. The main targets of the attack are usually government and military officials or reporters.
Impact
- Data breach
- Exposure of sensitive data/documents
Indicators of Compromise
From Email
- poole[.]sion2015@yandex[.]com
MD5
- 8a1440dbbcb5ed848de46e70005cd128
SHA-256
- 57b59b770f313b0a09b651bfba0c95cdba482d4a41fa2e95593674dd5cd83c5b
SHA1
- 5d48ed9a77e7efb9ae46aa7a9f528ae4d13951f9
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
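The following script is an added example of the "search for IOCs in your environment" step; it is not Rewterz's code. It embeds the advisory's hashes and defanged sender address, hashes every file under a directory in one pass, and checks an e-mail From header against the refanged sender. The directory layout, the benign sample file and the From headers in the demo are constructed for illustration.

```python
import hashlib
import io
import os
import re
import tempfile

# Indicators of compromise exactly as listed in the advisory (lowercase hex digests).
IOC_HASHES = {
    "md5": "8a1440dbbcb5ed848de46e70005cd128",
    "sha1": "5d48ed9a77e7efb9ae46aa7a9f528ae4d13951f9",
    "sha256": "57b59b770f313b0a09b651bfba0c95cdba482d4a41fa2e95593674dd5cd83c5b",
}
# The advisory defangs the sender with "[.]"; it is refanged only for matching.
IOC_SENDER_DEFANGED = "poole[.]sion2015@yandex[.]com"


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('[.]') back into its literal form for comparison."""
    return indicator.replace("[.]", ".")


def digest_stream(fh) -> dict:
    """Compute MD5, SHA1 and SHA-256 of a binary stream in a single chunked pass."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    for chunk in iter(lambda: fh.read(1 << 16), b""):
        md5.update(chunk)
        sha1.update(chunk)
        sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory byte string (handy for testing and for mail attachments)."""
    return digest_stream(io.BytesIO(data))


def hash_file(path: str) -> dict:
    """Digest a file on disk without loading it fully into memory."""
    with open(path, "rb") as fh:
        return digest_stream(fh)


def match_digests(digests: dict) -> list:
    """Return the algorithm names whose digest equals the advisory's IoC for that algorithm."""
    return [alg for alg, value in digests.items() if value.lower() == IOC_HASHES.get(alg)]


def scan_directory(root: str) -> list:
    """Walk a directory tree and return (path, matched_algorithms) for every IoC hit."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                matched = match_digests(hash_file(path))
            except OSError:
                continue  # unreadable file (permissions, vanished); skip rather than abort
            if matched:
                hits.append((path, matched))
    return hits


def sender_matches_ioc(from_header: str) -> bool:
    """Case-insensitive check of a From header ('Name <addr>' or bare addr) against the IoC."""
    m = re.search(r"<([^>]+)>", from_header)
    addr = m.group(1) if m else from_header
    return addr.strip().lower() == refang(IOC_SENDER_DEFANGED).lower()


def demo_scan() -> list:
    """Constructed demo: scan a temp tree holding one benign file and one empty file."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "benign.docx"), "wb") as fh:
            fh.write(b"constructed benign sample, not a real document")
        open(os.path.join(tmp, "empty.bin"), "wb").close()
        return scan_directory(tmp)  # expected: no hits on the constructed files


if __name__ == "__main__":
    print("directory hits:", demo_scan())
    print("sender hit:", sender_matches_ioc("Poole <poole.sion2015@yandex.com>"))
```

Run it against a mail spool or a user's download directory by replacing the temporary tree in `demo_scan` with the real path; a non-empty result from `scan_directory` or `True` from `sender_matches_ioc` is the trigger for the blocking and containment steps above.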