Rewterz Threat Alert – APT Group Lazarus – IOCs
June 15, 2020
Severity
High
Analysis Summary
An advanced persistent threat (APT) group believed to be based in India has been observed targeting government and military personnel in Pakistan using spear-phishing emails. The threat group has been active for several years, conducting intelligence operations against political and military entities in South Asia. This is a new round of attacks launched by the APT actor against the Pakistani government.

It comes as no surprise that cyber attacks against the Pakistani government continue, given the historically tense relations with India in the region and the recent rise in geopolitical tensions. The group is also capable of targeting mobile phone users; in past operations it has impersonated the National Bank of Pakistan while targeting Pakistani businessmen.
Impact
- Information theft
- Exposure of sensitive data
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your existing environment.
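One way to act on the two remediation steps, as an added example that is not part of the Rewterz alert: it refangs URLs written in the alert's `[.]`/`[:]` notation, checks data against an MD5/SHA1/SHA-256 hash set, and flags proxy log lines whose host is an IOC domain or a subdomain of one (not a look-alike that merely contains it). Every indicator value and log line below is a constructed placeholder, not an indicator from the alert.

```python
import hashlib
import re
# Constructed placeholder IOC set in the same shape as the alert's lists (hex
# digests per algorithm, defanged URLs). The digests are the public test-vector
# values for the string "abc"; nothing here is a real indicator.
IOC_HASHES = {
    "md5": {"900150983cd24fb0d6963f7d28e17f72"},
    "sha1": {"a9993e364706816aba3e25717850c26c9cd0d89d"},
    "sha256": {"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"},
}
IOC_URLS = ["http[:]//c2-one[.]invalid", "hxxp[:]//c2-two[.]invalid/"]
# Constructed proxy log lines (key=value); line 3 is a subdomain hit, line 4 a look-alike.
SAMPLE_LOG = [
    "2020-06-15T09:00:01Z src=10.0.0.5 host=update.vendor.invalid path=/ status=200",
    "2020-06-15T09:00:07Z src=10.0.0.9 host=c2-one.invalid path=/x status=200",
    "2020-06-15T09:00:09Z src=10.0.0.9 host=cdn.c2-two.invalid path=/y status=302",
    "2020-06-15T09:00:12Z src=10.0.0.3 host=notc2-one.invalid path=/ status=200",
]

def refang(url):
    """Undo the '[.]', '[:]' and 'hxxp' defanging used in published IOC lists."""
    return url.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")

def ioc_domains(urls):
    """Lower-cased host names of the (defanged) IOC URLs, for log matching."""
    hosts = set()
    for url in urls:
        match = re.match(r"https?://([^/:]+)", refang(url))
        if match:
            hosts.add(match.group(1).lower())
    return hosts

def hash_matches(data, iocs=IOC_HASHES):
    """Names of every algorithm whose digest of `data` is in the IOC set."""
    return [algo for algo, digests in iocs.items()
            if hashlib.new(algo, data).hexdigest() in digests]

def scan_log(lines, urls=IOC_URLS):
    """(line_no, host, ioc_domain) for lines whose host= field is an IOC
    domain or a subdomain of one; substring look-alikes are not hits."""
    domains = ioc_domains(urls)
    hits = []
    for number, line in enumerate(lines, 1):
        match = re.search(r"\bhost=([A-Za-z0-9.-]+)", line)
        host = match.group(1).lower() if match else ""
        for domain in domains:
            if host == domain or host.endswith("." + domain):
                hits.append((number, host, domain))
    return hits
```

To check a file on disk, read it as bytes and pass the content to `hash_matches`; the same function works for any set of digests exported from an alert.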