Rewterz Threat Alert – Active Nanocore IoCs
April 6, 2021
Severity
High
Analysis Summary
The following samples belong to the Lazarus group, a state-sponsored threat actor that targets financial organizations for monetary gain. The group has become active again and is targeting various organizations through phishing emails that drop malicious Word documents, which enable macros once downloaded and executed. Previously these campaigns were crafted specifically to target Russian organizations, but they have now shifted their focus toward the Asia-Pacific region.
Impact
- Information theft and espionage
- Exposure of sensitive data
- Data exfiltration
Indicators of Compromise
MD5
- 60282e952e253baa8b1ef6da557cc62b
- 917488c836a5f368c14cc1d49480db9c
SHA-256
- 301fa739b35c78ef51066c4eb2518ee9c438be267eaf1ea984fc77adab9bbea2
- 2c3bace197c9dc1a061dd20f671018de26d0d6fee16946eed1d692338f1ab6f5
SHA-1
- 07c1187247a59a81411ec953bdc01c7b7dbfc3ef
- 6658ff7f8e358ad989fcb9e0a83f69d90ba2e616
Remediation
- Block all threat indicators at your respective controls.
- Search for the IoCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
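As an added example (not code from the Rewterz advisory), the following Python script implements the "search for the IoCs in your environment" step: it hashes every file under a directory and reports any whose MD5, SHA-1 or SHA-256 digest matches the indicators listed above. The `make_sample_tree` helper builds a small constructed directory for demonstration only.

```python
import hashlib
import tempfile
from pathlib import Path

# IoC hashes from the advisory above (MD5, SHA-256 and SHA-1), lowercase hex.
IOC_HASHES = {
    "60282e952e253baa8b1ef6da557cc62b",
    "917488c836a5f368c14cc1d49480db9c",
    "301fa739b35c78ef51066c4eb2518ee9c438be267eaf1ea984fc77adab9bbea2",
    "2c3bace197c9dc1a061dd20f671018de26d0d6fee16946eed1d692338f1ab6f5",
    "07c1187247a59a81411ec953bdc01c7b7dbfc3ef",
    "6658ff7f8e358ad989fcb9e0a83f69d90ba2e616",
}


def file_digests(path):
    """Return MD5, SHA-1 and SHA-256 hex digests of one file, read in 1 MiB chunks."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan_directory(root, iocs=IOC_HASHES):
    """Walk `root` recursively; return (path, algorithm, digest) for each file whose
    digest appears in `iocs`. Unreadable files are skipped rather than aborting the scan."""
    wanted = {h.lower() for h in iocs}
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            digests = file_digests(path)
        except OSError:
            continue
        for algo, digest in digests.items():
            if digest in wanted:
                hits.append((str(path), algo, digest))
    return hits


def make_sample_tree():
    """Constructed demo tree: one benign file plus one file whose content is 'hello'
    (MD5 5d41402abc4b2a76b9719d911017c592); returns the temporary root directory."""
    root = Path(tempfile.mkdtemp(prefix="ioc_demo_"))
    (root / "docs").mkdir()
    (root / "docs" / "readme.txt").write_bytes(b"benign content")
    (root / "docs" / "sample.bin").write_bytes(b"hello")
    return str(root)


if __name__ == "__main__":
    for hit in scan_directory(make_sample_tree(), IOC_HASHES | {"5d41402abc4b2a76b9719d911017c592"}):
        print("MATCH:", *hit)
```

Run it against a real path with `scan_directory("/path/to/check")`; matching any one algorithm is enough to flag a file, since the advisory lists all three digest types.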