Rewterz Threat Alert – DJVU Ransomware – Active IOCs
June 20, 2022
Rewterz Threat Advisory – CVE-2022-22414 – IBM Robotic Process Automation Vulnerability
June 21, 2022
Severity
High
Analysis Summary
APT-C-23 (aka AridViper) is an Arabic-speaking Advanced Persistent Threat group working for Hamas. The threat group has previously been known to target Middle Eastern countries but has recently been observed targeting Israeli officials and individuals. Their espionage campaign aims to steal credentials and sensitive information from the victim's PC and mobile devices. Their most active targets are Israeli individuals working for the military, emergency services, and law enforcement agencies. Their primary infection method is social engineering, through which they deliver trojanized messages via Facebook or other social media applications. The group has been using upgraded malware called "Barb(ie) Downloader" and "BarbWire Backdoor" and an Android implant named VolatileVenom.
Impact
- Information Theft and Espionage
Indicators of Compromise
MD5
- e68a9d09bf7f79bbb027204be251ccaf
SHA-256
- 8994ecf78913be242d1246637c34341bc381ede2c22bf2f585a4c241a5ef7b49
SHA-1
- b3acfc866f5fe5dd9acf1b891c1b01304827158d
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
- Search for IOCs in your environment.
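The last remediation step, searching your environment for the listed indicators, comes down to hashing files and comparing the digests against the IoC set. The following script is an added example written for this advisory, not Rewterz's own tooling: it embeds the three hashes exactly as listed above, hashes files in streaming fashion so large files do not have to be loaded into memory, normalises digest case before comparison, and walks a directory tree reporting every file whose MD5, SHA-1 or SHA-256 matches. The `demo_scan` function builds a temporary directory with one constructed benign file so the scanner can be exercised offline.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicators of Compromise exactly as listed in the advisory above.
IOCS = {
    "md5": {"e68a9d09bf7f79bbb027204be251ccaf"},
    "sha1": {"b3acfc866f5fe5dd9acf1b891c1b01304827158d"},
    "sha256": {"8994ecf78913be242d1246637c34341bc381ede2c22bf2f585a4c241a5ef7b49"},
}
ALGORITHMS = ("md5", "sha1", "sha256")


def hashes_of_bytes(data: bytes) -> dict:
    """Return MD5, SHA-1 and SHA-256 hex digests of an in-memory byte string."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def file_hashes(path: Path, chunk_size: int = 1 << 20) -> dict:
    """Compute all three digests of a file in one pass, reading it in chunks."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(hashes: dict, iocs: dict = IOCS) -> list:
    """Return (algorithm, digest) pairs that hit the IoC set.

    Digests are lower-cased first so that upper-case hashes copied from
    another report still match.
    """
    hits = []
    for alg in ALGORITHMS:
        digest = hashes.get(alg, "").lower()
        if digest in iocs.get(alg, set()):
            hits.append((alg, digest))
    return hits


def scan_directory(root, iocs: dict = IOCS) -> list:
    """Walk `root` recursively and return [(path, [(alg, digest), ...]), ...] for matches."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            hashes = file_hashes(path)
        except OSError:
            # Unreadable file (permissions, vanished during the walk): skip, do not abort the scan.
            continue
        matched = match_iocs(hashes, iocs)
        if matched:
            findings.append((str(path), matched))
    return findings


def demo_scan() -> list:
    """Scan a temporary directory holding one constructed benign file; expected to return []."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "constructed_benign.txt"
        sample.write_bytes(b"constructed sample content, not malware")
        return scan_directory(tmp)


if __name__ == "__main__":
    import sys
    # Usage: python ioc_scan.py /path/to/scan   (defaults to the offline demo)
    results = scan_directory(sys.argv[1]) if len(sys.argv) > 1 else demo_scan()
    for path, matched in results:
        print(f"IOC HIT {path}: {matched}")
    print(f"{len(results)} matching file(s)")
```

Hash indicators only catch byte-identical samples, so a single recompiled or repacked build of the downloader will not match; treat a clean hash sweep as one signal rather than proof of absence, and pair it with the behavioural controls in the list above (blocking the indicators at your perimeter and mail controls, and user awareness about unsolicited links and attachments).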