June 11, 2021
Severity
Medium
Analysis Summary
The following samples belong to the Lazarus group, a state-sponsored threat actor that targets financial organizations for financial gain. The group is active again and is targeting various organizations through phishing emails that drop malicious Word documents; each document carries a macro that executes once the document is downloaded and opened. Previously these campaigns were specifically crafted to target Russian organizations, but the group has now shifted its focus to the Asia-Pacific region.
Impact
- Information theft and espionage
- Data exfiltration
- Exposure of sensitive data
Indicators of Compromise
Filename
- airbus_job_opportunity_confidential[.]doc
MD5
- 4fb3bd661331b10fbd01e5f3e72f476c
- b7dbb3bef80d04e4b8981ab4011f4bfe
SHA-256
- 294acafed42c6a4f546486636b4859c074e53d74be049df99932804be048f42c
- 3b33b0739107411b978c3cbafb312a44b7488bd7adabae3e7b02059240b6dc83
SHA-1
- 905f448dec32c96f5aa887a5085450f35381de5e
- 8a3cad10d3f3fa07be7752296b017b6a367082c0
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
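One way to carry out the "search for IOCs in your environment" step above, as an added example that is not part of the Rewterz advisory: it hashes every file under a directory in a single pass and matches the filename and the MD5/SHA-1/SHA-256 indicators listed on this page. The function names, the temporary directory and the sample files are constructed for illustration only.

```python
import hashlib
import os
import tempfile

IOC_FILENAMES = {"airbus_job_opportunity_confidential.doc"}  # defanged "[.]" restored
IOC_HASHES = {  # hash indicators copied from the advisory above
    "md5": {"4fb3bd661331b10fbd01e5f3e72f476c", "b7dbb3bef80d04e4b8981ab4011f4bfe"},
    "sha1": {"905f448dec32c96f5aa887a5085450f35381de5e", "8a3cad10d3f3fa07be7752296b017b6a367082c0"},
    "sha256": {"294acafed42c6a4f546486636b4859c074e53d74be049df99932804be048f42c",
               "3b33b0739107411b978c3cbafb312a44b7488bd7adabae3e7b02059240b6dc83"},
}

def digest_file(path):
    """Compute md5, sha1 and sha256 in one chunked pass, so large files never load whole."""
    hashers = {algo: hashlib.new(algo) for algo in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}

def match_file(path):
    """Return [(indicator_type, value), ...] for one file; an empty list means no IOC hit."""
    name = os.path.basename(path)
    hits = [("filename", name)] if name.lower() in IOC_FILENAMES else []
    hits += [(algo, v) for algo, v in digest_file(path).items() if v in IOC_HASHES[algo]]
    return hits

def scan_tree(root):
    """Walk a directory tree and return {path: hits} for every file with at least one hit."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            try:
                hits = match_file(full)
            except OSError:
                continue  # unreadable or vanished file: skip it rather than abort the sweep
            if hits:
                findings[full] = hits
    return findings

def make_sample_tree():
    """Constructed test data: an empty file carrying the IOC filename, plus a benign file."""
    root = tempfile.mkdtemp()
    suspect = os.path.join(root, "airbus_job_opportunity_confidential.doc")
    open(suspect, "wb").close()
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"constructed benign content")
    return root, suspect
```

A filename hit alone is a weak signal (the lure name is trivially changed), so treat it as a triage lead and the hash hits as the confirmed matches.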