December 2, 2021
Severity
High
Analysis Summary
APT32 (also known as the OceanLotus Group) is a cyber espionage actor that has carried out intrusions into private sector companies across multiple industries and has also targeted foreign governments, dissidents, and journalists. The group uses a unique suite of fully featured malware together with commercially available tools to conduct targeted operations aligned with Vietnamese state interests. In the current campaign, APT32 continues to deliver malicious attachments via spear-phishing emails, using multilingual lure documents tailored to specific victims. The lures rely on social engineering to entice the victim into enabling macros; once executed, the file downloads multiple malicious payloads from remote servers. Although the attachments carry a ".DRV" file extension, the recovered phishing lures were web page archives containing text and images, not the driver files that extension suggests.
Impact
- Information Theft and Espionage
- Data exfiltration
Indicators of Compromise
MD5
- e875c3cc9205a2f8e8b7f26232e291c2
SHA-256
- 2ca371c92b395722a482c53f4497ee65ae558fc4afa4b212954909c6813688d8
SHA-1
- f88ed2d48767d9e220e7fac232d93f717fdc31fd
Remediation
- Block the indicators listed above at your email gateway, web proxy and endpoint controls.
- Search endpoints and email logs for the hashes above, and for ".DRV" attachments whose content is a web page archive rather than a driver.
- Restrict Office macros in documents received by email, since the lures depend on the victim enabling them.
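The following hunting script is an added example and is not part of the Rewterz advisory. It walks a directory, hashes every file with MD5, SHA-1 and SHA-256, and matches the digests against the IOC list above; it also flags ".DRV" files whose content looks like a web page archive. The archive check assumes the lures are MHTML files (RFC 2557 MIME messages, which begin with header lines such as "MIME-Version:"); the advisory only says "web page archives", so that detail is an assumption. The sample files the demo creates are constructed for illustration and are not real APT32 samples.

```python
import hashlib
import tempfile
from pathlib import Path

# Hashes published in the advisory (lower-case hex).
IOC_HASHES = {
    "md5": {"e875c3cc9205a2f8e8b7f26232e291c2"},
    "sha1": {"f88ed2d48767d9e220e7fac232d93f717fdc31fd"},
    "sha256": {"2ca371c92b395722a482c53f4497ee65ae558fc4afa4b212954909c6813688d8"},
}

# Assumption (not stated in the advisory): the "web page archives" are MHTML,
# i.e. MIME messages whose first bytes are header lines like these.
MHTML_MARKERS = (b"mime-version:", b"content-type: multipart/related")

# Real .DRV files are Windows drivers; a text MIME archive under that name is
# the extension/content mismatch the advisory describes.
SUSPECT_EXTENSIONS = {".drv"}


def hash_file(path):
    """Return MD5, SHA-1 and SHA-256 hex digests of a file, read in 1 MiB chunks."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in (md5, sha1, sha256):
                h.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def looks_like_mhtml(path):
    """True if the first 512 bytes contain MIME/MHTML header markers."""
    with open(path, "rb") as f:
        head = f.read(512).lower()
    return any(marker in head for marker in MHTML_MARKERS)


def scan(root, iocs=IOC_HASHES):
    """Scan a directory tree; return a list of (path, reason) findings."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        digests = hash_file(path)
        for algo, value in digests.items():
            if value in iocs.get(algo, set()):
                findings.append((str(path), f"{algo} matches advisory IOC"))
                break  # one hash hit per file is enough to report it
        if path.suffix.lower() in SUSPECT_EXTENSIONS and looks_like_mhtml(path):
            findings.append((str(path), ".drv extension but MHTML web archive content"))
    return findings


def demo():
    """Create constructed sample files in a temp directory and scan them."""
    root = tempfile.mkdtemp(prefix="apt32_hunt_")
    lure = Path(root) / "invoice.drv"  # constructed lure, not a real sample
    lure.write_bytes(
        b"MIME-Version: 1.0\r\n"
        b"Content-Type: multipart/related; boundary=\"b\"\r\n\r\n--b\r\n"
        b"Content-Type: text/html\r\n\r\n<html>Enable macros to view</html>\r\n--b--\r\n"
    )
    benign = Path(root) / "readme.txt"
    benign.write_bytes(b"nothing to see here\n")
    # The constructed lure cannot match the advisory's real hashes, so its own
    # SHA-256 is fed in as an IOC to exercise the hash-matching path.
    iocs = {"sha256": {hash_file(lure)["sha256"]}}
    return scan(root, iocs)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason}: {path}")
```

In production, point `scan()` at mail attachment stores, download folders and user profiles, and extend `IOC_HASHES` with the indicators from your own intelligence feeds; the MHTML marker list should be treated as a starting heuristic, not a definitive signature.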