Rewterz Threat Alert – APT-C-23 or AridViper Threat Group – Active IOCs

Severity

High

Analysis Summary

APT-C-23 (aka AridViper) is an Arabic-speaking Advanced Persistent Threat group working for Hamas. The threat group has been previously known to target Middle-Eastern countries but has been recently observed targeting Israeli officials and individuals. Their espionage campaign aims to steal credentials and sensitive information from the victim’s PC and mobile devices. Their most active targets are Israeli individuals working for the military, emergency services, and any law enforcement agencies. Their primary infection method is social engineering, through which they deliver trojanized messages via facebook or other social media applications. The group has been using an upgraded malware called “Barb(ie) Downloader” and “BarbWire Backdoor” and an android implant named VolatileVenom.

The campaign observed in October contains a file disguised as a word document, named ‘The Ministry of State for Wall and Settlement Affairs established by the Palestinian government.xz’

Impact

• Information Theft and Espionage

Indicators of Compromise

Domain Name

zakaria-chotzen[.]info

MD5

• 116967e277b8e095697eff6741fad165

SHA-256

• cb9fb42bfcae30b849fcc210d1ac4b39a12e32c6dc9d8523fcf9883632d7135e

SHA-1

• 60480323f0e6efa3ec08282650106820b1f35d2f

Remediation

• Block all threat indicators at your respective controls.
• Always be suspicious about emails sent by unknown senders.
• Never click on links/attachments sent by unknown senders.
• Search for IOCs in your environment