

Rewterz Threat Alert – Lazarus New Backdoor Power-task activity Targeting Financial Sectors
May 24, 2019
Rewterz Threat Advisory – CVE-2019-5586 & CVE-2019-5588 – Fortinet FortiOS Cross-Site Scripting Vulnerabilities
May 28, 2019
Severity
High
Analysis Summary
The MoneyTaker group, previously responsible for the intrusion at a well-known Russian bank, is active again and is targeting financial institutions in the Russian Federation. The campaign goes after their SWIFT, ARM CBR (the Bank of Russia client workstation used for interbank transfers) and card-processing software, using the group's MTHole.VBE backdoor. The backdoor's main purpose is to execute commands received from the attackers' command-and-control (C2) server.
Impact
- Money Theft
- Compromise of network
Indicators of Compromise
URLs
- www[.]workdrafts[.]com/vbs/vbsadm2/mulino[.]php
- www[.]daily-stocks[.]com
- www[.]iis-live-update[.]com
Filename
- scrypt.txt
- documentnew.doc
- slmgr.vbe
- gatherNetworkInfo.vbe
- Decoded slmgr.vbe
- Decoded gatherNetworkInfo.vbe
Malware Hash (MD5)
- b2e74a177853933071c2d039dd7ece33
- 522d53c54cete49c813a5a4713dab58f
- 868ec69d15a0e64313873690947b5d3c
- 8d4968a96b7b981135678671a81b7098
- cc189e74d7c858995c410450tc210485
Remediation
Block the threat indicators listed above at your respective controls: the domains and URL at the web proxy, DNS filter and perimeter firewall, and the file hashes and filenames in endpoint protection/EDR. Because MTHole.VBE is an encoded VBScript, also alert on wscript.exe or cscript.exe launching .vbe/.vbs files from user-writable paths, and review hosts running SWIFT, ARM CBR or card-processing software for the listed filenames. Verify any hash that does not parse as hexadecimal against the original source before loading it into a blocklist.
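The indicators above are only useful once they are loaded into a control, so the following is an added example, written for this page rather than taken from Rewterz's own tooling, that refangs the listed URLs, validates the printed hashes before use, matches the domains against sample DNS/proxy log lines, and checks files by MD5 or by the listed filenames. The log lines, file paths and file contents are constructed for illustration; the two printed hashes that contain a non-hex character are reported separately so they are not silently dropped into a blocklist.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the advisory above, defanged exactly as printed ("[.]").
IOC_URLS = [
    "www[.]workdrafts[.]com/vbs/vbsadm2/mulino[.]php",
    "www[.]daily-stocks[.]com",
    "www[.]iis-live-update[.]com",
]
IOC_FILENAMES = ["scrypt.txt", "documentnew.doc", "slmgr.vbe", "gatherNetworkInfo.vbe"]
IOC_HASHES = [
    "b2e74a177853933071c2d039dd7ece33",
    "522d53c54cete49c813a5a4713dab58f",  # as printed; contains a non-hex character
    "868ec69d15a0e64313873690947b5d3c",
    "8d4968a96b7b981135678671a81b7098",
    "cc189e74d7c858995c410450tc210485",  # as printed; contains a non-hex character
]

HEX32 = re.compile(r"^[0-9a-f]{32}$")
HOST_RE = re.compile(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def refang(indicator):
    """Turn a defanged indicator back into a usable string."""
    return indicator.replace("[.]", ".")


def ioc_domain(indicator):
    """Host part of a defanged URL or bare domain, lower-cased."""
    url = refang(indicator)
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url).hostname.lower()


def valid_md5s(hashes):
    """Split the hash list into usable 32-hex MD5s and entries that are not valid hex."""
    good, bad = [], []
    for h in hashes:
        (good if HEX32.match(h.lower()) else bad).append(h)
    return good, bad


def match_domain_logs(lines, domains):
    """Return (domain, line) for every log line that names an IoC domain."""
    hits = []
    for line in lines:
        for token in HOST_RE.findall(line):
            if token.lower() in domains:
                hits.append((token.lower(), line))
                break
    return hits


def scan_files(files, hashes, filenames):
    """files maps path -> content bytes; returns (path, reason) for MD5 or filename hits."""
    hashset = {h.lower() for h in hashes}
    nameset = {n.lower() for n in filenames}
    findings = []
    for path, data in files.items():
        digest = hashlib.md5(data).hexdigest()
        name = path.rsplit("/", 1)[-1].rsplit("\\", 1)[-1].lower()
        if digest in hashset:
            findings.append((path, "md5 " + digest))
        elif name in nameset:
            findings.append((path, "filename " + name))
    return findings


IOC_DOMAINS = {ioc_domain(u) for u in IOC_URLS}

# Constructed sample log lines (not real telemetry): two DNS queries and one proxy request.
SAMPLE_LOGS = [
    "2019-05-27T09:14:02Z dns client=10.1.4.22 query=www.daily-stocks.com type=A",
    "2019-05-27T09:14:05Z proxy client=10.1.4.22 GET http://www.workdrafts.com/vbs/vbsadm2/mulino.php 200",
    "2019-05-27T09:20:11Z dns client=10.1.4.30 query=www.example.org type=A",
]

if __name__ == "__main__":
    good, bad = valid_md5s(IOC_HASHES)
    print("usable MD5 hashes:", good)
    print("hashes to verify against the source (not hex as printed):", bad)
    for domain, line in match_domain_logs(SAMPLE_LOGS, IOC_DOMAINS):
        print("IoC domain hit:", domain, "<-", line)
    # Constructed file path and content: matches on filename, not on hash.
    print(scan_files({"C:\\Users\\user\\AppData\\Local\\Temp\\slmgr.vbe": b"constructed"},
                     good, IOC_FILENAMES))
```

Filename matches are weaker evidence than hash matches (slmgr.vbe mimics the legitimate slmgr.vbs, and any file can be renamed), so the scanner reports the reason for each hit and a reviewer should treat filename-only findings as leads to triage rather than confirmed compromise.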