November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – RattleSnake Targets Pakistan Navy
November 1, 2019Rewterz Threat Alert – Home and Small Office Wireless Routers Exploited to Attack Gaming Servers
November 1, 2019Rewterz Threat Alert – RattleSnake Targets Pakistan Navy
November 1, 2019Rewterz Threat Alert – Home and Small Office Wireless Routers Exploited to Attack Gaming Servers
November 1, 2019
Severity
High
Analysis Summary
The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about an ongoing Trojan malware campaign, believed to be launched by the North Korean government.
Analysis by CISA showed that Hoplight can also read, write and move files, create and terminate system processes as well as injecting data into them. The malware can also create, start and stop Windows services, and modify the Registry configuration database. CISA observed that Hoplight can connect to remote network hosts and upload and download files to and from these.
Impact
- Exposure of sensitive information
- Data manipulation
Indicators of Compromise
IP
- 112[.]175[.]92[.]57
- 113[.]114[.]117[.]122
- 117[.]239[.]241[.]2
- 119[.]18[.]230[.]253
- 128[.]200[.]115[.]228
- 137[.]139[.]135[.]151
- 14[.]140[.]116[.]172
- 181[.]39[.]135[.]126
- 186[.]169[.]2[.]237
- 195[.]158[.]234[.]60
- 197[.]211[.]212[.]59
- 21[.]252[.]107[.]198
- 210[.]137[.]6[.]37
- 218[.]255[.]24[.]226
- 221[.]138[.]17[.]152
- 26[.]165[.]218[.]44
- 47[.]206[.]4[.]145
- 70[.]224[.]36[.]194
- 81[.]94[.]192[.]10
- 81[.]94[.]192[.]147
- 84[.]49[.]242[.]125
- 97[.]90[.]44[.]200
SHA256
- 05feed9762bc46b47a7dc5c469add9f163c16df4ddaafe81983a628da5714461
- 0608e411348905145a267a9beaf5cd3527f11f95c4afde4c45998f066f418571
- 084b21bc32ee19af98f85aee8204a148032ce7eabef668481b919195dd62b319
- 12480585e08855109c5972e85d99cda7701fe992bc1754f1a0736f1eebcb004d
- 1a01b8a4c505db70f9e199337ce7f497b3dd42f25ad06487e29385580bca3676
- 2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525
- 32ec329301aa4547b4ef4800159940feb950785f1ab68d85a14d363e0ff2bc11
- 4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761
- 4c372df691fc699552f81c3d3937729f1dde2a2393f36c92ccc2bd2a033a0818
- 70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3
- 73dcb7639c1f81d3f7c4931d32787bdf07bd98550888c4b29b1058b2d5a7ca33
- 83228075a604e955d59edc760e4c4ed16eedabfc8f6ac291cf21b4fcbcd1f70a
- 8a1d57ee05d29a730864299376b830a7e127f089e500e148d96d0868b7c5b520
- b05aae59b3c1d024b19c88448811debef1eada2f51761a5c41e70da3db7615a9
- b9a26a569257fbe02c10d3735587f10ee58e4281dba43474dbdef4ace8ea7101
- c66ef8652e15b579b409170658c95d35cfd6231c7ce030b172692f911e7dcff8
- d77fdabe17cdba62a8e728cbe6c740e2c2e541072501f77988674e07a05dfb39
- ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d
- f8f7720785f7e75bd6407ac2acd63f90ab6c2907d3619162dc41a8ffa40a5d03
- fe43bc385b30796f5e2d94dfa720903c70e66bc91dfdcfb2f3986a1fea3fe8c5
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about email sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.