• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – F5 Multiple Products OpenSSL Denial of Service Vulnerability
March 18, 2019
Rewterz Threat Advisory – VMWare Workstation Player Multiple Privilege Escalation Vulnerabilities
March 18, 2019

Rewterz Threat Alert – FASTCash/Lazarus Targeting Banks in Russia

March 18, 2019

Severity

Medium

Analysis Summary

The Lazarus campaign aimed at Russian banks uses malicious Office documents delivered as ZIP files, along with a PDF document called NDA_USA.pdf that contains a StarForce Technologies agreement, which is a Russian software company that provides copy protection software.

Moreover, researchers have observed increased targeting of interbank networks by the Lazarus group. These networks connect the ATMs of issuing banks, enabling ATM cards issued by members to work across all connected ATMs. Recently observed campaigns leverage social engineering and subsequent spear-phishing emails sent to employees of targeted organizations. The emails contain malicious attachments that, when opened, download known Lazarus malware.

Impact

Lazarus Attack

Indicators of Compromise

IP(s) / Hostname(s) 37[.]238[.]135[.]70
URLs Hxxp[:]//37[.]238[.]135[.]70/img/anan[.]jpg
Malware Hash (MD5/SHA1/SH256) 1c4745c82fdcb9d05e210eff346d7bee2f087357b17bfcf7c2038c854f0dee61
dc3fff0873c3e8e853f6c5e01aa94fcf
22d53ada23b2625265cdbddc8a599ee0
2b68360b0d4e26d2b5f7698fe324b87d
49a23160ba2af4fba0186512783482918b07a32b0e809de0336ba723636ae3b6
704d491c155aad996f16377a35732cb4
7646d1fa1de852bb99c621f5e9927221
8e099261929b1b09e9d637e8d054d5909b945b4157f29337977eb7f5fb835e5d
9894f6993cae186981ecb034899353a04f1a9b009bdf265cecda9595b725ee20
a7be38e8f84c5ad9cce30d009dc31d32
dc3fff0873c3e8e853f6c5e01aa94fcf

e23900b00ffd67cd8dfa3283d9ced691566df6d63d1d46c95b22569b49011f09
704d491c155aad996f16377a35732cb4
f4bdf0f967330f9704b01cc962137a70596822b8319d3b35404eafc9c6d2efe7
a7be38e8f84c5ad9cce30d009dc31d32

Remediation

  • Block the threat indicators at their respective controls.
  • Scan all documents downloaded from the internet/email attachments prior to execution.
  • Avoid downloading email attachments coming from untrusted sources. 
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.