
Rewterz Threat Alert – Indian APT Group Targeting Pakistani Government

June 15, 2020

Severity

High

Analysis Summary

An advanced persistent threat (APT) group believed to be based in India has been observed targeting government and military personnel in Pakistan using spear phishing emails. The group has been active for several years, conducting intelligence operations against political and military entities in South Asia, and this is a new round of attacks by the same actor against the Pakistani government. Continued cyber attacks against Pakistan's government are unsurprising given the historically tense relations with India and the recent rise in geopolitical tensions in the region. The group is also capable of targeting mobile phone users; in past operations it has impersonated the National Bank of Pakistan while targeting Pakistani businessmen.

Impact

  • Information theft
  • Exposure of sensitive data

Indicators of Compromise


Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your existing environment.
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.