Rewterz Threat Alert – APT32 Ocean Lotus – IOCs
August 12, 2021
Rewterz Threat Alert – DanaBot Trojan – Active IOCs
August 13, 2021
Severity
High
Analysis Summary
The North Korean advanced persistent threat (APT) group Kimsuky has been observed distributing a fake Korea Internet & Security Agency (KISA) app via malicious emails. A mobile malware researcher shared details of a counterfeit KISA "vaccine" (antivirus) Android app that poses as the agency's security program. Once the target saves the APK attached to the email and installs it on their device, the malicious code runs in the background without the user's knowledge and collects sensitive information from the device.
Impact
- Watering hole attacks
- Keylogging
- Remote access connections
Indicators of Compromise
Filename
- BIO 양식[.]docx (Korean: "BIO form")
MD5
- 134a9de780f1b99288bc38d6c483762c
SHA-256
- f7daf33176edeb7ca8840733171e15e5809c00cc3e94dd346660a026f3b36097
SHA-1
- d0a263843cc7391ba321596747849128cf17e00d
Remediation
- Search for the IOCs listed above (filename and file hashes) in your environment.
- Block all threat indicators at their respective controls.
- Treat emails from unknown senders with suspicion, and never install an APK delivered as an email attachment.
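The first remediation step, searching for these IOCs, is shown below as an added example; it is not Rewterz's tooling. The hash and filename values are the ones listed in this alert; the function names, the single-pass hashing approach and the constructed demo files are assumptions made for illustration.

```python
"""Sweep a directory for the IOCs in this alert (filename plus MD5/SHA-1/SHA-256).

Added example, not Rewterz's own tooling. Hash and filename values are the
ones listed in the alert; everything else (function names, the demo data) is
assumed for illustration.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def refang(indicator: str) -> str:
    """Undo the '[.]' defanging advisories use so the value can be matched on disk."""
    return indicator.replace("[.]", ".")


# Indicators from the alert, keyed by hash algorithm, plus the (refanged) filename.
IOC_HASHES = {
    "md5": {"134a9de780f1b99288bc38d6c483762c"},
    "sha1": {"d0a263843cc7391ba321596747849128cf17e00d"},
    "sha256": {"f7daf33176edeb7ca8840733171e15e5809c00cc3e94dd346660a026f3b36097"},
}
IOC_FILENAMES = {refang("BIO 양식[.]docx")}


def file_hashes(path, chunk_size=1 << 20):
    """MD5, SHA-1 and SHA-256 of a file, computed in one bounded-memory pass."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}


def match_file(path, hashes=IOC_HASHES, filenames=IOC_FILENAMES):
    """Return a list of (indicator_type, value) hits for one file."""
    p = Path(path)
    hits = []
    if p.name in filenames:                      # name match is cheap; check it first
        hits.append(("filename", p.name))
    for algo, value in file_hashes(p).items():   # any single hash match is a hit
        if value in hashes.get(algo, ()):
            hits.append((algo, value))
    return hits


def sweep(root, hashes=IOC_HASHES, filenames=IOC_FILENAMES):
    """Walk `root` and return {path: hits} for every file matching an IOC."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                hits = match_file(full, hashes, filenames)
            except OSError:
                continue                         # unreadable file: skip, do not abort the sweep
            if hits:
                findings[full] = hits
    return findings


def demo():
    """Constructed sample run (not real malware): three scratch files, one matching
    the alert's filename, one matching a hash added only for this demo, one benign.
    Returns findings keyed by basename."""
    root = tempfile.mkdtemp(prefix="ioc_sweep_")
    sample = b"hello"   # constructed content; its SHA-256 is used as a demo-only IOC
    for name, content in [
        (refang("BIO 양식[.]docx"), b"form body"),
        ("notes.txt", sample),
        ("readme.txt", b"benign"),
    ]:
        Path(root, name).write_bytes(content)
    demo_hashes = {algo: set(v) for algo, v in IOC_HASHES.items()}
    demo_hashes["sha256"].add(hashlib.sha256(sample).hexdigest())
    return {Path(p).name: hits for p, hits in sweep(root, demo_hashes).items()}


if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```

Run `sweep("/path/to/scan")` against mail attachment stores, download folders or mounted device images; a filename hit alone is weak evidence (the name is easy to reuse), while a hash hit on any of the three algorithms should be treated as a confirmed match.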