February 10, 2022
Severity
High
Analysis Summary
Molerats APT – also known as Moonlight, Extreme Jackal, and Gaza Hackers Team – has been active since 2012. The group made headlines in 2012 when it conducted a cyberattack against the Israeli government. Its targets later expanded to include Palestine, the U.S., and the UK. Molerats is a politically motivated nation-state actor conducting cyber espionage using three new malware variants:
- SharpStage Backdoor
- DropBook Backdoor
- MoleNet Downloader
Molerats uses Dropbox, Google Drive, and other legitimate services to host and deliver spyware for cyber espionage in the Middle East.
The lures are Arabic-language documents related to the Palestinian conflict with Israel; each contains a macro that executes a PowerShell command to fetch the malware.
Impact
- Data Exfiltration
- Cyber Espionage
- Political and Economic Loss
Indicators of Compromise
MD5
- d6fad881e71df95547067564c40627bd
- 7f5cf247926fa7235507c557e1554716
SHA-256
- 2a559a5178e0803c0a4067376cf279d00cade84b37158f03b709e718d34f65f9
- c61fcd8bed15414529959e8b5484b2c559ac597143c1775b1cec7d493a40369d
SHA-1
- af2c2af7f4adc7bd5a2ac8172f7a381cf92775a2
- a787f42670fa0e32810a48726297ef1da9ba5bf6
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Search for IOCs in your environment.
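As an added example (not part of the Rewterz alert), a small Python scanner that hashes every file under a directory in one pass and reports any file whose MD5, SHA-1 or SHA-256 matches the indicators listed above; the directory to scan is an assumption supplied on the command line.

```python
import hashlib
import os
import sys
from pathlib import Path

# Indicators copied from the advisory above, keyed by hashlib algorithm name.
IOC_HASHES = {
    "md5": {"d6fad881e71df95547067564c40627bd",
            "7f5cf247926fa7235507c557e1554716"},
    "sha1": {"af2c2af7f4adc7bd5a2ac8172f7a381cf92775a2",
             "a787f42670fa0e32810a48726297ef1da9ba5bf6"},
    "sha256": {"2a559a5178e0803c0a4067376cf279d00cade84b37158f03b709e718d34f65f9",
               "c61fcd8bed15414529959e8b5484b2c559ac597143c1775b1cec7d493a40369d"},
}


def hash_file(path, chunk_size=1 << 20):
    """Compute md5/sha1/sha256 of one file in a single streaming pass (cheap on large files)."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests):
    """Return the set of algorithms whose digest appears in the advisory's indicator list."""
    return {name for name, value in digests.items()
            if value.lower() in IOC_HASHES.get(name, set())}


def scan_tree(root):
    """Walk a directory tree; return {path: matched_algorithms} for files hitting an indicator."""
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for fn in filenames:
            p = Path(dirpath) / fn
            try:
                matched = match_iocs(hash_file(p))
            except OSError:
                continue  # unreadable or special file: skip it rather than abort the scan
            if matched:
                hits[str(p)] = matched
    return hits


if __name__ == "__main__":
    # Assumed usage: python ioc_scan.py /path/to/scan (defaults to the current directory)
    for path, algos in sorted(scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(f"HIT {path} ({', '.join(sorted(algos))})")
```

A hit on any one algorithm is enough to act on; the three lists are matched independently so a partial indicator set (for example, only a SHA-256 from a sandbox report) still fires.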