
Severity
High
Analysis Summary
APT C-23, also known as AridViper and Desert Falcon, has resurfaced with malicious documents that target victims by playing on the sensitivity of the never-ending conflict between Israel and Palestine. The group was discovered around March 2017, with the Middle East emerging as its main target. The group has previously faked an Android app to deploy Android/SpyC23.A, mainly for spying, including reading notifications from messaging apps, call recording and screen recording, along with new stealth features such as dismissing notifications from built-in Android security apps.
Impact
Information theft and espionage
Indicators of Compromise
Filename
- The position of the president and the leadership on the elections and the corresponding proposals for the decrees[.]001
MD5
- 335e604a7c3866b3fad6e8ee6989ddb9
SHA-256
- b6ed0833d4a19d2eca5f6f856c595d5329532ff116163047ed4e3a27c9f8bd69
SHA-1
- f22f013a2b37017c9a5bd0470615b4b8503d6bce
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.