Rewterz Threat Alert – APT-C-27 Raddex Family Malicious Android APK

December 16, 2020

Severity

High

Analysis Summary

APT-C-27, also known as the GoldMouse threat group, is reportedly targeting the Middle East region. Android devices are among the targets: the researchers also detected multiple samples designed for Android. Multiple related Android samples communicating with the C2 infrastructure 205[.]251[.]145[.]29, 295[.]yao[.]cl and 94[.]177[.]251[.]146 have been found. These recent Android backdoors are disguised as commonly used applications, such as "Android System". Once the fake 'HD.APK' file is downloaded onto the device, the attackers use the C2 server to capture details such as GPS positioning and to perform tasks like audio recording and photographing from the device.

Impact

  • File recording
  • Information theft
  • Exposure of data

Indicators of Compromise

Filename

  • HD[.]apk

IP

  • 205[.]251[.]145[.]29
  • 94[.]177[.]251[.]146

MD5

  • 14d9cea1080b4ef3e41329d7fb84f70b

SHA-256

  • 621741a6bd764a7e0af6294dc209e645cc4b958fd68c0b12760c9cad2e019328

SHA1

  • eb3499938fa32d1cdcef3529e5d90146e6fe3a96

URL

  • http[:]//chatsafe[.]tecnova[.]com[.]br/Super/HD[.]apk

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
  • Always download legitimate applications and updates from the Google Play Store.
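To make the "search for IOCs in your environment" step concrete, here is an added example (not part of the Rewterz advisory and not Rewterz tooling) that takes the defanged indicators exactly as published above, refangs them, and scans log lines for exact-token matches. The log lines are constructed for this example and are not from the advisory; field names such as `dst=`, `url=` and `sha256=` are assumptions about a generic proxy/EDR log format.

```python
import re

# Indicators copied from the advisory, kept in their published defanged form.
DEFANGED_IOCS = {
    "ip": ["205[.]251[.]145[.]29", "94[.]177[.]251[.]146"],
    "url": ["http[:]//chatsafe[.]tecnova[.]com[.]br/Super/HD[.]apk"],
    "md5": ["14d9cea1080b4ef3e41329d7fb84f70b"],
    "sha1": ["eb3499938fa32d1cdcef3529e5d90146e6fe3a96"],
    "sha256": ["621741a6bd764a7e0af6294dc209e645cc4b958fd68c0b12760c9cad2e019328"],
}

# Constructed sample log lines (assumed format, not from the advisory).
# Line 1 deliberately contains 94.177.251.1460, which must NOT match.
SAMPLE_LOGS = [
    "2020-12-16T10:02:11Z proxy src=10.0.5.23 dst=94.177.251.146 "
    "url=http://chatsafe.tecnova.com.br/Super/HD.apk status=200",
    "2020-12-16T10:02:12Z proxy src=10.0.5.24 dst=94.177.251.1460 "
    "url=http://example.invalid/index.html status=200",
    "2020-12-16T10:05:40Z edr host=PHONE-MDM-07 file=HD.apk "
    "sha256=621741A6BD764A7E0AF6294DC209E645CC4B958FD68C0B12760C9CAD2E019328",
    "2020-12-16T10:06:02Z edr host=LAPTOP-12 file=setup.exe "
    "sha256=0000000000000000000000000000000000000000000000000000000000000000",
    "2020-12-16T10:07:15Z dns query=chatsafe.tecnova.com.br answer=205.251.145.29",
]


def refang(value):
    """Turn a defanged indicator ('[.]', '[:]', 'hxxp') back into its literal form."""
    return value.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")


def build_index(defanged):
    """Map each refanged, lower-cased indicator to its type and a compiled matcher.

    The matcher requires the indicator to be a whole token: it may not be
    preceded or followed by an alphanumeric character or a dot, so
    94.177.251.146 does not match inside 94.177.251.1460.
    """
    index = {}
    for kind, values in defanged.items():
        for v in values:
            literal = refang(v).lower()
            pattern = re.compile(
                r"(?<![0-9A-Za-z.])" + re.escape(literal) + r"(?![0-9A-Za-z.])",
                re.IGNORECASE,
            )
            index[literal] = (kind, pattern)
    return index


def scan_logs(lines, index):
    """Return (line_number, indicator_type, indicator) for every hit, in order."""
    hits = []
    for lineno, line in enumerate(lines):
        for literal, (kind, pattern) in index.items():
            if pattern.search(line):
                hits.append((lineno, kind, literal))
    return hits


def matched_line_numbers(lines, index):
    """Sorted, de-duplicated line numbers that contain at least one indicator."""
    return sorted({lineno for lineno, _, _ in scan_logs(lines, index)})


if __name__ == "__main__":
    idx = build_index(DEFANGED_IOCS)
    for lineno, kind, literal in scan_logs(SAMPLE_LOGS, idx):
        print(f"line {lineno}: {kind} match on {literal}")
```

Running the script flags lines 0, 2 and 4 of the constructed sample (the download from the advisory's URL and IP, the SHA-256 of the APK, and a DNS answer pointing at the first C2 IP) while ignoring the near-miss IP and the unrelated hash. The token-boundary check is the part worth keeping when adapting this to real proxy, DNS or EDR exports: a plain substring search would have produced a false positive on line 1.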
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.