November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – CVE-2019-10936 – Siemens PROFINET Devices Denial of Service Vulnerability
October 11, 2019Rewterz Threat Alert – Mahalo FIN7 – IOC’s
October 11, 2019Rewterz Threat Advisory – CVE-2019-10936 – Siemens PROFINET Devices Denial of Service Vulnerability
October 11, 2019Rewterz Threat Alert – Mahalo FIN7 – IOC’s
October 11, 2019
Severity
High
Analysis Summary
The Kimsuky group is a threat group that is known to have been behind the KHNP (Korea Hydro & Nuclear Power) cyber terrorism attacks in 2014 and is still active as of 2019. The spear-phishing email used in the attack was designed with the purpose of stealing portal account information and attaching malicious code. The main targets of the attack are government and military officials or reporters.
Impact
- Credential theft
- Financial loss
Indicators of Compromise
Malware Hashes:
MD5
- f22db1e3ea74af791e34ad5aa0297664
- 4de21c3af64b3b605446278de92dfff4
- 53ac231e8091abcd0978124f9268b4e4
- 8b59ea1ee28e0123da82801abc0cce4d
SH256
- 4f279a55f3658df8206b0b4ca231960a99b51ea3a8a1314a77c3a453ecf5ea2e
- b40f367c6ec771a7798ec72abff730fb4bba032f18bcc137d572e4119a23f21c
URL
- http[:]//sariwon[.]co[.]kr/bbs/filter/6EBDB1428052/private64
- http[:]//sariwon[.]co[.]kr/bbs/filter/6EBDB1428052/secu64_init
- http[:]//sariwon[.]co[.]kr/bbs/filter/E826DDE74E06/private64
- http[:]//sariwon[.]co[.]kr/bbs/filter/E826DDE74E06/secu64_init
- http[:]//www[.]sariwon[.]co[.]kr/bbs/security/scnu/HncCheck[.]zip
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.