Rewterz Threat Alert – Donot APT Group – Active IOCs
November 8, 2022
Severity
High
Analysis Summary
APT-C-23 (aka AridViper) is an Arabic-speaking Advanced Persistent Threat group working for Hamas. The group was previously known to target Middle Eastern countries but has recently been observed targeting Israeli officials and individuals. Its espionage campaigns aim to steal credentials and sensitive information from victims' PCs and mobile devices. Its most active targets are Israeli individuals working for the military, emergency services, and law enforcement agencies. Its primary infection method is social engineering: trojanized messages are delivered via Facebook or other social media applications. The group has been using upgraded malware called “Barb(ie) Downloader” and “BarbWire Backdoor”, and an Android implant named VolatileVenom.
The latest sample was uploaded from Palestine with a decoy document about ‘Protocols and Ceremonies’.
Impact
- Information Theft and Espionage
Indicators of Compromise
Domain Name
- marina-samuel[.]com
MD5
- afbe6e47c77ab899b90f30af2cc4a640
SHA-256
- c196cc329abe500e2cbad7234a5da9a5260b4fbf2a8a4f94e0220a19eb628e63
SHA-1
- 026a0dbddbda96c75bee4eed667d7360bb088933
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/attachments sent by unknown senders.
- Search for IOCs in your environment.
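A minimal sweep for the indicators listed above, added here as an example and not part of the Rewterz alert: it refangs the published domain, matches it (and its subdomains) in DNS log lines, and compares file digests against the three published hashes. The sample log lines are constructed for illustration; only the domain and hash values come from the alert.

```python
"""IOC sweep for the indicators in this alert (added example, not the alert's own code).
Only the domain and hash values come from the alert; the log lines are constructed."""
import hashlib
import re
from typing import Iterable

IOC_DOMAIN_DEFANGED = "marina-samuel[.]com"   # as published, defanged
IOC_HASHES = {                                # as published in the alert
    "md5": "afbe6e47c77ab899b90f30af2cc4a640",
    "sha1": "026a0dbddbda96c75bee4eed667d7360bb088933",
    "sha256": "c196cc329abe500e2cbad7234a5da9a5260b4fbf2a8a4f94e0220a19eb628e63",
}

def refang(domain: str) -> str:
    """Convert the alert's defanged notation back into a matchable host name."""
    return domain.replace("[.]", ".")

def find_domain_hits(lines: Iterable[str], domain: str) -> list[str]:
    """Return lines that name the IOC domain or one of its subdomains.

    The guards around the literal stop 'notmarina-samuel.com' and
    'marina-samuel.com.example' from counting, while a trailing dot is allowed.
    """
    pattern = re.compile(
        r"(?:^|[^a-z0-9.-])(?:[a-z0-9-]+\.)*" + re.escape(domain) + r"(?!\.?[a-z0-9-])",
        re.IGNORECASE,
    )
    return [line for line in lines if pattern.search(line)]

def hash_bytes(data: bytes) -> dict[str, str]:
    """Hash file contents with every algorithm the alert publishes a value for."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}

def match_hashes(digests: dict[str, str]) -> list[str]:
    """Return the algorithms whose digest equals the published IOC value."""
    return sorted(a for a, v in digests.items() if IOC_HASHES.get(a) == v.lower())

SAMPLE_DNS_LOG = [  # constructed sample lines; clients and timestamps are placeholders
    "2022-11-08T09:14:02Z 10.0.0.21 query A www.example.com",
    "2022-11-08T09:14:05Z 10.0.0.21 query A cdn.marina-samuel.com",
    "2022-11-08T09:15:11Z 10.0.0.33 query A notmarina-samuel.com",
]

def sweep_sample_log() -> list[str]:
    """Run the domain check over the constructed sample log (exactly one line hits)."""
    return find_domain_hits(SAMPLE_DNS_LOG, refang(IOC_DOMAIN_DEFANGED))
```

To sweep real data, feed `find_domain_hits` your resolver or proxy logs and `hash_bytes` the contents of suspect files; any non-empty result from `match_hashes` is a confirmed hash match.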