Rewterz Threat Alert – APT-C-23 or AridViper Threat Group – Active IOCs

Severity

High

Analysis Summary

APT-C-23 (aka AridViper) is an Arabic-speaking Advanced Persistent Threat group working for Hamas. The threat group has been previously known to target Middle-Eastern countries but has been recently observed targeting Israeli officials and individuals. Their espionage campaign aims to steal credentials and sensitive information from the victim’s PC and mobile devices. Their most active targets are Israeli individuals working for the military, emergency services, and any law enforcement agencies. Their primary infection method is social engineering, through which they deliver trojanized messages via Facebook or other social media applications. The group has been using an upgraded malware called “Barb(ie) Downloader” and “BarbWire Backdoor” and an android implant named VolatileVenom.

The latest campaign observed contains a file disguised as a word document, named ‘The national role of the revolutionary and national councils in confronting the plans for liquidation and Judaization’

Impact

• Information Theft and Espionage

Indicators of Compromise

Domain Name

swsan-lina-soso[.]info

MD5

• 776811c25d105bfd9e1c358f93a4c669

SHA-256

• 36037040711231986f7509a2aa2af74b33022defac4669fb0eb14beba7caff39

SHA-1

• aeeeee47becaa646789c5ee6df2a6e18f1d25228

Remediation

• Block all threat indicators at your respective controls.
• Always be suspicious about emails sent by unknown senders.
• Never click on links/attachments sent by unknown senders.
• Search for IOCs in your environment