
Rewterz Threat Alert – APT C-23 aka AridViper Active in Middle East Region – Active IOCs

December 28, 2021

Severity

High

Analysis Summary

APT-C-23, also known as AridViper and Desert Falcon, is active in the region, targeting various sectors with malicious documents. The group was first identified around March 2017, and the Middle East emerged as its main target. It has previously distributed a fake Android app to deploy Android/SpyC23, spyware used mainly for surveillance: reading notifications from messaging apps, recording calls and the screen, and, with newer stealth features, dismissing notifications from built-in Android security apps.

A new sample also appears to be in use by APT-C-23. Once executed, it displays a decoy document titled "What does profit from the internet means?" to distract the victim, while a RAT runs in the background to give the attacker remote control.


This is related to the ongoing spying campaign already active in the Middle East via Android mobile apps, which is also resistant to takedowns and manual removal. The spyware is distributed as apps named App Updates, System Apps Updates, or Android Update Intelligence, sent to users in text messages; after installation it asks for specific permissions, including access to media apps and other files on the phone.

Impact

  • Unauthorized access to the victim’s machine
  • Information theft and espionage
  • Exposure of sensitive data

Indicators of Compromise

Filename

  • Profit from the Internet[.]docx

MD5

  • 79f706153bad3fd0f623932c522bfab3
  • 186a18e2082e42f92d8f4dc7f219d88f

SHA-256

  • e6108b5063488f843edae658d362ec7ca2b0ee31f0b65275ff9d19d3ed44888f
  • 3ce7329244986d8484cdd5168aa8b7165147899b298124d749680dd04eca58ca

SHA-1

  • 48a18fb4cb71ca968d8b6ec5d164bb36c831a2e3
  • 0909e7f0ea3408f47bb7cc257877a790754da894

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on links/attachments sent by unknown senders.
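To support the "search for IOCs in your environment" step, the following is an added example (not Rewterz tooling) that hashes every file under a directory in a single pass and reports any file whose MD5, SHA-1 or SHA-256 matches the hashes listed in this advisory; the file hashes are copied from the Indicators of Compromise section above, and the test input is constructed.

```python
import hashlib
import io
import sys
from pathlib import Path

IOC_HASHES = {  # file hashes copied from this advisory's Indicators of Compromise section
    "md5": {
        "79f706153bad3fd0f623932c522bfab3",
        "186a18e2082e42f92d8f4dc7f219d88f",
    },
    "sha1": {
        "48a18fb4cb71ca968d8b6ec5d164bb36c831a2e3",
        "0909e7f0ea3408f47bb7cc257877a790754da894",
    },
    "sha256": {
        "e6108b5063488f843edae658d362ec7ca2b0ee31f0b65275ff9d19d3ed44888f",
        "3ce7329244986d8484cdd5168aa8b7165147899b298124d749680dd04eca58ca",
    },
}

def hash_stream(fileobj, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of a binary stream in one read pass."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def hash_bytes(data):
    """Convenience wrapper for in-memory data (used for constructed test input)."""
    return hash_stream(io.BytesIO(data))

def match_iocs(digests):
    """Return (algorithm, digest) pairs found in IOC_HASHES; hex case is ignored."""
    return [(algo, d.lower()) for algo, d in digests.items()
            if d.lower() in IOC_HASHES.get(algo, set())]

def scan_tree(root):
    """Yield (path, matches) for every readable file under root that hits an IOC hash."""
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        try:
            with path.open("rb") as f:
                matches = match_iocs(hash_stream(f))
        except OSError:  # unreadable or vanished file: skip it, keep scanning
            continue
        if matches:
            yield path, matches

if __name__ == "__main__":
    for path, matches in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"MATCH {path}: {matches}")
```

A hash match on the decoy document is a strong indicator but not the whole picture; the Android spyware described above is delivered as an app, so endpoint and mobile telemetry should be checked as well.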
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.