Rewterz Threat Advisory – Multiple Juniper Networks Junos OS Vulnerabilities
January 17, 2022Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
January 17, 2022Rewterz Threat Advisory – Multiple Juniper Networks Junos OS Vulnerabilities
January 17, 2022Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
January 17, 2022Severity
High
Analysis Summary
Cyber espionage actors, aka APT32 (OceanLotus Group), are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. APT32 leverages a unique suite of fully-featured malware, in conjunction with commercially available tools, to conduct targeted operations that are aligned with Vietnamese state interests. In their current campaign, APT32 has leveraged files that employ social engineering methods to entice the victim into enabling macros. Upon execution, the initialized file downloads multiple malicious payloads from remote servers. APT32 actors continue to deliver malicious attachments via spear-phishing emails. APT32 actors designed multilingual lure documents which were tailored to specific victims. Although the files had “.DRV” file extensions, the recovered phishing lures were web page archives that contained text and images
Impact
- Information Theft and Espionage
- Data exfiltration
Indicators of Compromise
Filename
- HS[.]doc
MD5
- 92f5f40db8df7cbb1c7c332087619afa
SHA-256
- 1a7a5228aa8e598d0225caa15d2a7fca2523ff23c35ce53a5bf4f228ad079608
SHA-1
- fe2ecafae9219b7821a68566ba349d38dcdca6e3
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/ attachments sent by unknown senders.