• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – ZLoader Banking Trojan Highly Active
December 1, 2020
Rewterz Threat Advisory – ICS: Schneider Electric EcoStruxure Operator Terminal Expert runtime
December 2, 2020

Rewterz Threat Alert – APT Groups Kimsuky Konni targets SouthEast Asia

December 2, 2020

Severity

High

Analysis Summary

The two APT Group Kimsuky and Konni overlap each other in a bait document targeting SouthEast Asian country Indonesia. The motive of the group remain unknown at this point but the document in Indonesian language is the dropped via phishing email. 

Image
Image

The malicious word document has both  North Korean and South Korean fonts with the test was done with North Korean font and attack was initiated with South Korean font. Both groups have been targeting SouthEast Asian countries in their latest attack chain and previously Vietnam and other SouthEast Asian countries were targeted. The main targets of the attack are usually government and military officials or reporters.   

Impact

  • Data breach
  • Exposure of sensitive data/documents

Indicators of Compromise

From Email

  • poole[.]sion2015@yandex[.]com

MD5

  • 8a1440dbbcb5ed848de46e70005cd128

SHA-256

  • 57b59b770f313b0a09b651bfba0c95cdba482d4a41fa2e95593674dd5cd83c5b

SHA1

  • 5d48ed9a77e7efb9ae46aa7a9f528ae4d13951f9

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
  • Always be suspicious about emails sent by unknown senders.
  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.