April 19, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – New CPDoS Web Cache Poisoning Attacks Impact Sites Using Popular CDNs
October 23, 2019Rewterz Threat Alert – MedusaLocker Ransomware Infecting Victims Worldwide
October 23, 2019Rewterz Threat Alert – New CPDoS Web Cache Poisoning Attacks Impact Sites Using Popular CDNs
October 23, 2019Rewterz Threat Alert – MedusaLocker Ransomware Infecting Victims Worldwide
October 23, 2019
Severity
High
Analysis Summary
Fresh attack samples have been retrieved which are suspected to be from the Lazarus APT group. The threat actor is dropping malicious PowerShell script through embedded macros.
Impact
- Unauthorized System Access
- Credential Theft
- Theft of Sensitive Information
Indicators of Compromise
MD5
- 6850189bbf5191a76761ab20f7c630ef
- 601b672f7139615f925a2eec792aa9d5
- bac54e7199bd85afa5493e36d3f193d2
SHA256
- a7ff0dfc2456baa80e6291619e0ca480cc8f071f42845eb8316483e077947339
- 735365ef9aa6cca946cfef9a4b85f68e7f9f03011da0cf5f5ab517a381e40d02
- 6f7a5f1d52d3bfc6f175bf2bbb665e4bd99b0453e2d2e27712fe9b71c55962dc
SHA1
- b512698ecc9bd603d02e9b6a7e1b7b67ba642a42
- 0b12e7f03248f8ecef86ce2c6f75d2d30555608c
- 428f1ef151ef6b60e345a5cb72204f32c34745b4
URL
- hxxps://crabbedly[.]club/board.php
- hxxps://craypot[.]live/board.php
- hxxps://indagator[.]club/board.php
Remediation
- Block the threat indicators at their respective controls.
- Do not download files from untrusted sources and do not enable macros.
- Keep all systems and software updated and patched to latest secure versions.
- Implement employee awareness programs warning against phishing, social engineering and malvertising attacks.