• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – New CPDoS Web Cache Poisoning Attacks Impact Sites Using Popular CDNs
October 23, 2019
Rewterz Threat Alert – MedusaLocker Ransomware Infecting Victims Worldwide
October 23, 2019

Rewterz Threat Alert – Lazarus APT Group Drops Malicious PowerShell Scripts – IoCs

October 23, 2019

Severity

High

Analysis Summary

Fresh attack samples have been retrieved which are suspected to be from the Lazarus APT group. The threat actor is dropping malicious PowerShell script through embedded macros.

Impact

  • Unauthorized System Access
  • Credential Theft
  • Theft of Sensitive Information

Indicators of Compromise

MD5

  • 6850189bbf5191a76761ab20f7c630ef
  • 601b672f7139615f925a2eec792aa9d5
  • bac54e7199bd85afa5493e36d3f193d2

SHA256

  • a7ff0dfc2456baa80e6291619e0ca480cc8f071f42845eb8316483e077947339
  • 735365ef9aa6cca946cfef9a4b85f68e7f9f03011da0cf5f5ab517a381e40d02
  • 6f7a5f1d52d3bfc6f175bf2bbb665e4bd99b0453e2d2e27712fe9b71c55962dc

SHA1

  • b512698ecc9bd603d02e9b6a7e1b7b67ba642a42
  • 0b12e7f03248f8ecef86ce2c6f75d2d30555608c
  • 428f1ef151ef6b60e345a5cb72204f32c34745b4

URL

  • hxxps://crabbedly[.]club/board.php
  • hxxps://craypot[.]live/board.php
  • hxxps://indagator[.]club/board.php

Remediation

  • Block the threat indicators at their respective controls.
  • Do not download files from untrusted sources and do not enable macros.
  • Keep all systems and software updated and patched to latest secure versions.
  • Implement employee awareness programs warning against phishing, social engineering and malvertising attacks.
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.