June 6, 2022
Severity
High
Analysis Summary
APT-C-23 (aka AridViper) is an Arabic-speaking Advanced Persistent Threat group working for Hamas. The group has previously been known to target Middle Eastern countries but has recently been observed targeting Israeli officials and individuals. Its espionage campaign aims to steal credentials and sensitive information from victims' PCs and mobile devices. Its most active targets are Israeli individuals working for the military, emergency services, and law enforcement agencies. Its primary infection method is social engineering, through which it delivers trojanized messages via Facebook or other social media applications. The group has been using upgraded malware, “Barb(ie) Downloader” and “BarbWire Backdoor”, along with an Android implant named VolatileVenom.
Impact
- Information Theft and Espionage
Indicators of Compromise
MD5
- 77c7e64679bbeaef273896faf8dde19d
SHA-256
- f75314cafb6f523492451b7e3543538b0629cf3d6ba8c53ce689a9c639469ae8
SHA-1
- d6547ebb256009b65651004b0a5b9946774e0a21
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious of emails sent by unknown senders.
- Never click on links or attachments sent by unknown senders.
- Search for IOCs in your environment.
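One way to carry out the last remediation step, as an added example that is not from Rewterz or the original alert: a Python scanner that hashes every file under a directory with MD5, SHA-1 and SHA-256 in a single pass and reports any match against the three hashes listed above. The directory to scan and the benign sample used for checking are assumptions.

```python
import hashlib
import os
import sys
from pathlib import Path

# Hashes published in the alert above (copied from the page, not constructed).
IOC_HASHES = {
    "md5": {"77c7e64679bbeaef273896faf8dde19d"},
    "sha1": {"d6547ebb256009b65651004b0a5b9946774e0a21"},
    "sha256": {"f75314cafb6f523492451b7e3543538b0629cf3d6ba8c53ce689a9c639469ae8"},
}


def file_digests(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of one file, reading it only once."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests):
    """Return (algorithm, hash) pairs from `digests` that hit the IOC set."""
    return [(name, value.lower()) for name, value in digests.items()
            if value.lower() in IOC_HASHES[name]]


def scan_tree(root):
    """Walk `root`; return [(path, hits)] for files matching any IOC hash."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            fpath = Path(dirpath) / fname
            try:
                found = match_iocs(file_digests(fpath))
            except OSError:
                continue  # unreadable or vanished file: skip, don't abort the scan
            if found:
                hits.append((str(fpath), found))
    return hits


if __name__ == "__main__":
    # Assumed usage: python scan_iocs.py /path/to/scan
    for path, found in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, found)
```

A hit on any one algorithm is enough to flag a file; the three hashes on the page may or may not describe the same sample, so the scanner does not require all three to agree.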