November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Advisory – CVE-2021-22160 – Apache Pulsar Information Disclosure Vulnerability
May 27, 2021Rewterz Threat Alert – Microsoft Outlook and SharePoint Web Phishing – IOCs
May 27, 2021Rewterz Threat Advisory – CVE-2021-22160 – Apache Pulsar Information Disclosure Vulnerability
May 27, 2021Rewterz Threat Alert – Microsoft Outlook and SharePoint Web Phishing – IOCs
May 27, 2021
Severity
High
Analysis Summary
Following samples of Lazarus group, a state-sponsored threat actor targeting financial organizations for their gains have been active again and actively targeting different organizations via phishing emails dropping malicious word documents which enables macro when downloaded and executed. Previously these campaigns were specifically crafted to target Russian organizations but now they’ve shifted their tilt towards China. The timing of this campaign is crucial as the world goes through major economic and strategic change after the global pandemic. Countries are making their efforts to gain an advantage over their rivals by espionage campaigns and regain the lost advantage.
Impact
- Information theft and espionage
- Exposure of sensitive data
- Financial loss
Indicators of Compromise
MD5
- 9a06ce2b0b038de9147f93bbb3b3c56c
SHA-256
- fd02d7c88c831930ffe45984c714364c004cbb30c3f38cbaf63d0867ac5dd7a1
SHA1
- a36d8558f1b0796612b17975bc72dd5d335729ec
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.