• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – CVE-2022-40308: Apache Archiva Vulnerbility
November 23, 2022
Rewterz Threat Advisory – CVE-2022-43782 – Atlassian Crowd Vulnerability
November 23, 2022

Rewterz Threat Alert – APT38 Hidden Cobra aka Lazarus – Active IOCs

November 23, 2022

Severity

High

Analysis Summary

Hidden Cobra aka Lazarus APT, AppleWorm, APT C-26, Group-77, Guardians of Peace, Official 91, Red Dot, Term.Hermit, or Zinc, is one of North Korea’s most sophisticated threat actors, operating since at least 2009. Initially, they concentrated on South Korea but in the previous months shifted its focus to worldwide targets and began initiating attacks for monetary gain. This actor has been linked to attacks in South Korea, the United States, Japan, and a number of other nations. Lazarus APT is suspected of being behind a number of diverse campaigns, including cyber espionage attacks on financial institutions, government agencies, and the military.
This group is said to be behind the wiper attack on Sony Pictures Entertainment in November 2014 as part of Novetta’s Operation Blockbuster campaign. Lazarus Group’s malware is linked to other known campaigns such as Operation Flame, Operation Troy, DarkSeoul, Operation 1Mission, and Ten Days of Rain. In the last several years, these hackers have stolen at least $1.7 billion in cryptocurrencies. To manipulate their victims, Lazarus employs specific toolkits. The group tries to conceal its behavior, making malware detection and analysis more difficult.

In November 2022, threat actors deployed a new version of the DTrack backdoor to attack organizations in Europe and Latin America. Since 2019, the Lazarus group has used DTrack as a modular backdoor in attacks against a wide range of targets, from financial environments to a nuclear power plan. Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey, and the United States have all been the target of recent attacks.

Impact

  • Information Theft and Espionage
  • Sensitive Information Exposure

Indicators of Compromise

MD5

931d0969654af3f77fc1dab9e2bd66b1

SHA-256

f14c5bad5219b1ed5166eb02f5ff08a890a181cef2af565f3fe7bcea9c870e22

SHA-1

7cf53577520861a1833ae99489c307f98da01b4b

Remediation

  • Always be suspicious about emails sent by unknown senders.
  • Never click on links/attachments sent by unknown senders.
  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.