Rewterz Threat Alert – Donot APT Group – Active IOCs
November 3, 2021
Severity
High
Analysis Summary
The following samples belong to the Lazarus group, also known as Guardians of Peace, a state-sponsored North Korean threat actor that targets financial organizations for financial gain. The group is active again and is targeting organizations via phishing emails that drop malicious Word documents; the documents execute macros once downloaded and opened. The malicious file suspected of being used as an attachment is named Boeing BDS MSE.docx. Previously these campaigns were crafted specifically to target Russian organizations, but the group has now shifted its focus toward the Asia-Pacific region.
Impact
- Information theft and espionage
- Remote code execution
- Exposure of sensitive data
Indicators of Compromise
Filename
- LMCO – Senior Quality Engineer[.]docx
MD5
- 87d79e21b2989937a1808b1b3c906bb0
SHA-256
- 8562f6b2a95963f076f7bc6ff00401d96656eafda1cfad3af53b3e3b99ae6452
SHA-1
- f601408fa9b1b4ecfe71addec0c3ddb514d91e54
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
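To carry out the IOC search above, here is an added example (not Rewterz's own tooling) that sweeps a directory tree, hashes Office documents with all three algorithms and reports any file whose hash or name matches the indicators listed in this alert; the extension filter, chunk size and function names are assumptions of mine.

```python
import hashlib
import sys
from pathlib import Path

# Indicators copied from the alert above; the defanged "[.]" is restored so names compare directly.
IOC_FILENAMES = {"LMCO – Senior Quality Engineer.docx"}
IOC_HASHES = {
    "md5": {"87d79e21b2989937a1808b1b3c906bb0"},
    "sha1": {"f601408fa9b1b4ecfe71addec0c3ddb514d91e54"},
    "sha256": {"8562f6b2a95963f076f7bc6ff00401d96656eafda1cfad3af53b3e3b99ae6452"},
}
DOC_EXTENSIONS = (".doc", ".docx", ".docm")  # assumed: only hash the lure's document types

def digest_bytes(data):
    """Return the md5/sha1/sha256 hex digests of an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}

def digest_file(path, chunk_size=1 << 20):
    """Hash a file with all three algorithms in one pass, reading it in chunks."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def match_indicators(name, digests, filenames=IOC_FILENAMES, hashes=IOC_HASHES):
    """Return which indicator types hit, e.g. ['sha256', 'filename']; empty list when clean."""
    hits = [algo for algo, known in hashes.items() if digests.get(algo) in known]
    if name in filenames:
        hits.append("filename")
    return hits

def sweep(root, extensions=DOC_EXTENSIONS):
    """Walk root recursively and return (path, hits) for every matching document."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in extensions:
            hits = match_indicators(path.name, digest_file(path))
            if hits:
                findings.append((str(path), hits))
    return findings

if __name__ == "__main__":
    # Usage: python ioc_sweep.py <directory>; a matched file warrants isolation and triage.
    for found_path, found_hits in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"MATCH {found_path}: {', '.join(found_hits)}")
```

A filename-only hit is weaker than a hash hit, since the lure name can be reused by benign files; treat it as a lead for triage rather than a confirmed infection.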