Rewterz Threat Advisory – PEAR (PHP Extension and Application Repository) Vulnerability
April 7, 2022Rewterz Threat Update – Sanctions of Hydra Dark Web Marketplace and Garantex
April 8, 2022Rewterz Threat Advisory – PEAR (PHP Extension and Application Repository) Vulnerability
April 7, 2022Rewterz Threat Update – Sanctions of Hydra Dark Web Marketplace and Garantex
April 8, 2022Severity
High
Analysis Summary
APT-C-23 (aka AridViper) is an Arabic-speaking Advanced Persistent Threat group working for Hamas. The threat group has been previously known to target Middle-Eastern countries but has been recently observed targeting Israeli officials and individuals. Their espionage campaign aims to steal credentials and sensitive information from the victim’s PC and mobile devices. Their most active targets are Israeli individuals working for the military, emergency services, and any law enforcement agencies. Their primary infection method is social engineering, through which they deliver trojanized messages via facebook or other social media applications. The group has been using an upgraded malware called “Barb(ie) Downloader” and “BarbWire Backdoor” and an android implant named VolatileVenom.
From Cybereason
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- WMIHosts[.]exe
MD5
- 3f3bbcf8fd90bdcdcdc5494314ed4225
- 08a1ee50adb72b421189362d74a190a4
SHA-256
- ebe09a6ef73a572f7a19d2e1eccd8f5d1895ae2730e67a060d008a2703ab3ec2
- c4fdbfd6608748d7f675a83f392cd923e86a6d491395a611a3d651c3385708b8
SHA-1
- ff1c877db4d0b6a37f4ba5d7b4bd4b3b980eddef
- 4dcdb7095da34b3cef73ad721d27002c5f65f47b
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/ attachments sent by unknown senders.