
Rewterz Threat Alert – Lazarus Targets Bitcoin Users

September 2, 2019

Severity

High

Analysis Summary

A spear phishing attack was conducted against members of certain cryptocurrency exchanges in Korea. This attack is also an extension of the Lazarus campaign disguised as a vocational document request, which was unveiled on the 20th, and continues the same attack vector.

[Figure: Email screen used in a real attack]

Past Lazarus threats have been characterized by luring users with subjects and content that have nothing to do with the recipient, which can be seen as an irregular social engineering technique.

Impact

Financial loss

Indicators of Compromise

URLs

  • http[:]//www[.]youdermoscopy[.]org/media/fly312[.]avi
  • http[:]//alnagm-press[.]com/wp-content/plugins/cloudflare/list[.]php
  • https[:]//swedishmassageamsterdam[.]nl/wp-content/themes/top[.]php
  • https[:]//elsouq[.]org/aramex/left[.]php
  • https[:]//www[.]youdermoscopy[.]org/media/fly[.]avi
  • https[:]//alnagm-press[.]com/wp-content/plugins/cloudflare/list[.]php
  • https[:]//www[.]youdermoscopy[.]org/media/fly312[.]avi

Filename

100 years dream greeting after 100 years.hwp

Malware Hash (MD5/SHA1/SHA256)

  • 0af6d9aa7e1d1df68d538fa4bd59fd13
  • 89423ec34da7c2f78b80847def65d767
  • 9010355538d681a6224ee113ffc89f76
  • e43fb78165dad0e2e18de1ae304399b7

Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the link/attachments sent by unknown senders.
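One practical way to act on "block all threat indicators at your respective controls" is to turn the IoCs above into detection content and sweep existing logs for earlier contact. The Python script below is an added example written for this page, not Rewterz tooling: it refangs the defanged URLs from the advisory, extracts their hostnames, and matches them (and the listed MD5 hashes) against constructed sample proxy and endpoint log lines. The log line formats, field layout and the `md5=` key are assumptions for the example; adapt the parsing to your own proxy and EDR export.

```python
import re
from urllib.parse import urlparse

# Defanged URLs copied verbatim from the advisory's IoC list.
DEFANGED_URLS = [
    "http[:]//www[.]youdermoscopy[.]org/media/fly312[.]avi",
    "http[:]//alnagm-press[.]com/wp-content/plugins/cloudflare/list[.]php",
    "https[:]//swedishmassageamsterdam[.]nl/wp-content/themes/top[.]php",
    "https[:]//elsouq[.]org/aramex/left[.]php",
    "https[:]//www[.]youdermoscopy[.]org/media/fly[.]avi",
    "https[:]//alnagm-press[.]com/wp-content/plugins/cloudflare/list[.]php",
    "https[:]//www[.]youdermoscopy[.]org/media/fly312[.]avi",
]

# MD5 hashes from the advisory (32 hex characters each), lower-cased for comparison.
MALWARE_MD5 = {
    "0af6d9aa7e1d1df68d538fa4bd59fd13",
    "89423ec34da7c2f78b80847def65d767",
    "9010355538d681a6224ee113ffc89f76",
    "e43fb78165dad0e2e18de1ae304399b7",
}

# Constructed sample proxy log (not real telemetry). Assumed layout:
#   <timestamp> <client-ip> <method> <url> <status>
SAMPLE_PROXY_LOG = [
    "2019-09-02T09:58:11Z 10.0.0.15 GET https://www.example.com/index.html 200",
    "2019-09-02T10:15:01Z 10.0.0.15 GET https://www.youdermoscopy.org/media/fly312.avi 200",
    "2019-09-02T10:15:04Z 10.0.0.21 GET https://cdn.example.net/lib.js 304",
    "2019-09-02T10:17:40Z 10.0.0.15 POST https://elsouq.org/aramex/left.php 200",
]

# Constructed sample endpoint file-write events. Assumed layout:
#   <timestamp> <hostname> file_written name=<file> md5=<hash>
SAMPLE_ENDPOINT_LOG = [
    "2019-09-02T10:16:03Z host-07 file_written name=100 years dream greeting after 100 years.hwp md5=0af6d9aa7e1d1df68d538fa4bd59fd13",
    "2019-09-02T10:16:05Z host-07 file_written name=report.docx md5=d41d8cd98f00b204e9800998ecf8427e",
]


def refang(url):
    """Convert a defanged indicator ('[.]', '[:]', 'hxxp') back into a parseable URL."""
    return url.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")


def normalize_host(host):
    """Lower-case a hostname and drop a leading 'www.' so both forms compare equal."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def indicator_hosts(defanged_urls):
    """Set of normalized hostnames extracted from the advisory URLs."""
    return {normalize_host(urlparse(refang(u)).hostname) for u in defanged_urls}


def host_matches(host, hosts):
    """True when host equals an indicator hostname or is a subdomain of one."""
    return any(host == ioc or host.endswith("." + ioc) for ioc in hosts)


def scan_proxy_log(lines, hosts):
    """Return proxy requests whose destination host is (a subdomain of) an indicator."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines rather than aborting the sweep
        ts, client, _method, url, _status = fields[:5]
        host = normalize_host(urlparse(url).hostname)
        if host_matches(host, hosts):
            hits.append({"time": ts, "client": client, "host": host, "url": url})
    return hits


MD5_RE = re.compile(r"md5=([0-9a-fA-F]{32})")


def scan_endpoint_log(lines, bad_md5):
    """Return file events whose MD5 appears on the advisory's hash list."""
    hits = []
    for line in lines:
        m = MD5_RE.search(line)
        if not m:
            continue
        digest = m.group(1).lower()
        if digest in bad_md5:
            fields = line.split()
            hits.append({"time": fields[0], "host": fields[1], "md5": digest})
    return hits


if __name__ == "__main__":
    hosts = indicator_hosts(DEFANGED_URLS)
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG, hosts):
        print("proxy hit:", hit)
    for hit in scan_endpoint_log(SAMPLE_ENDPOINT_LOG, MALWARE_MD5):
        print("endpoint hit:", hit)
```

Matching on the hostname rather than the full URL is deliberate: the advisory lists the same domains under both `http` and `https`, with and without `www`, and a compromised site will usually serve more paths than the ones observed, so a domain-level match catches related requests that an exact-URL match would miss. Feed the block's functions your real proxy export and EDR file-event export to sweep for prior contact before pushing the block rules to the web proxy and endpoint controls.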
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.