Rewterz Threat Alert – APT Group Sidewinder Active in the Region
May 31, 2021
Rewterz Threat Advisory – Threat Actors Targeting Employees Post Lockdown
May 31, 2021
Severity
High
Analysis Summary
APT C-23, also known as AridViper and Desert Falcon, has resurfaced with malicious documents that exploit the sensitivity of the never-ending conflict between Israel and Palestine as a lure. The group was first identified around March 2017, with the Middle East emerging as its main target. It has previously used a fake Android app to deploy Android/SpyC23.A, spyware built mainly for surveillance: it reads notifications from messaging apps, records calls and the screen, and carries new stealth features such as dismissing notifications from built-in Android security apps.
Impact
- Information theft and espionage
- Exposure of sensitive data
Indicators of Compromise
Filename
- The unity of the people the cause and the land docx[.]exe
MD5
- 39519eaf6fa5df8a5c99a4c12096bfe0
SHA-256
- d82e23359a756affdadc194b0a4271bf8a05c1a5755185567a4595bed6bd8106
SHA-1
- 9d0d639438c44ac3824f1e7152bfafbbe8db610c
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
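One way to carry out the "search for IOCs in your environment" step, as an added example that is not part of the original advisory: a Python sweep that hashes every file under a directory and compares the MD5, SHA-1 and SHA-256 digests against the indicators listed above, and additionally flags document-style names that end in ".exe" (a pattern generalised from the advisory's filename; that regex and the function names are assumptions).

```python
import hashlib
import os
import re

# Indicators taken from the advisory above (hashes of the malicious dropper).
ADVISORY_IOCS = {
    "md5": {"39519eaf6fa5df8a5c99a4c12096bfe0"},
    "sha1": {"9d0d639438c44ac3824f1e7152bfafbbe8db610c"},
    "sha256": {"d82e23359a756affdadc194b0a4271bf8a05c1a5755185567a4595bed6bd8106"},
}

# Lure pattern (assumption generalising the advisory's filename): a name that
# looks like an office document but actually ends in ".exe", e.g. "... docx.exe".
DOUBLE_EXT_RE = re.compile(r"\b(docx?|xlsx?|pptx?|pdf)\s*\.exe$", re.IGNORECASE)

def hash_file(path, chunk_size=1 << 20):
    """Compute md5, sha1 and sha256 of a file in a single pass over its bytes."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}

def check_file(path, iocs=ADVISORY_IOCS):
    """Return the reasons one file is suspicious; an empty list means no match."""
    reasons = []
    if DOUBLE_EXT_RE.search(os.path.basename(path)):
        reasons.append("document-style name with .exe extension")
    for algo, value in hash_file(path).items():
        if value in iocs.get(algo, set()):
            reasons.append(f"{algo} matches advisory IoC {value}")
    return reasons

def scan_tree(root, iocs=ADVISORY_IOCS):
    """Walk a directory tree and map each suspicious path to its list of reasons."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                reasons = check_file(path, iocs)
            except OSError:
                continue  # unreadable file: skip it rather than abort the whole sweep
            if reasons:
                hits[path] = reasons
    return hits
```

Run `scan_tree("/path/to/check")` against download folders, mail attachment caches and user profiles; a hash hit is a direct match on the advisory's indicators, while a name-only hit is a lure pattern worth a closer look.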