October 26, 2021
Severity
High
Analysis Summary
ZooPark, a threat group that surfaced in June 2015, focuses on targeting Middle Eastern countries using several generations of malware, named v1 through v4; v4 is the latest generation and was deployed in 2017. ZooPark infects Android devices through watering hole attacks: the group compromised several websites that redirect visitors to other download sites serving malicious APKs. Some of these sites were related to the “Kurdish referendum”, “TelegramGroups” and “Alnaharegypt news”. In recent times the group has targeted Egypt, Jordan, Morocco, Lebanon and Iran with its v4 generation of malware.
Impact
- Information Theft and Espionage
- Spyware
- Exposure of sensitive data
Indicators of Compromise
MD5
- d5f21926943b8f43af31d293359a7239
SHA-256
- fcd88e0d9ecb9efe15573924ede1a05f3d7655ad14d1c9dfe78d574b9dae136a
SHA-1
- d3559bcdb994a82292bac87f67d448d48bf0489d
URL
- http[:]//www[.]rhubarb3[.]com/save[.]php?key=dafak
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always download applications from legitimate sources such as the official Play Store.
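The remediation steps above ask defenders to search their environment for the listed indicators. The following script is an added example (not Rewterz tooling, and not part of the original alert) showing one way to do that with the Python standard library only: it refangs the defanged URL so it can be matched against proxy or DNS logs, computes MD5, SHA-1 and SHA-256 of files under a directory in one pass, and reports any file whose digest matches an IOC from this alert. The hash values and the URL are copied from the alert; the proxy log lines are constructed sample input and are not from the alert.

```python
import hashlib
import io
import os
import re
from typing import BinaryIO, Dict, Iterable, List

# Indicators copied from this alert, exactly as published.
IOC_HASHES: Dict[str, set] = {
    "md5": {"d5f21926943b8f43af31d293359a7239"},
    "sha1": {"d3559bcdb994a82292bac87f67d448d48bf0489d"},
    "sha256": {"fcd88e0d9ecb9efe15573924ede1a05f3d7655ad14d1c9dfe78d574b9dae136a"},
}
IOC_URLS_DEFANGED: List[str] = ["http[:]//www[.]rhubarb3[.]com/save[.]php?key=dafak"]

# Constructed sample proxy log lines (not from the alert) used to demonstrate URL matching.
SAMPLE_PROXY_LOG: List[str] = [
    "2021-10-26T10:01:02Z 10.0.0.5 GET http://www.example.com/index.html 200",
    "2021-10-26T10:02:15Z 10.0.0.7 GET http://www.rhubarb3.com/save.php?key=dafak 200",
    "2021-10-26T10:03:40Z 10.0.0.9 GET http://www.example.org/ 304",
]


def refang(indicator: str) -> str:
    """Undo the common [:] / [.] / hxxp defanging so the indicator matches raw log text."""
    return indicator.replace("[:]", ":").replace("[.]", ".").replace("hxxp", "http")


def digest_stream(fh: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute MD5, SHA-1 and SHA-256 of a binary stream in a single chunked pass."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used by the tests)."""
    return digest_stream(io.BytesIO(data))


def hash_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as fh:
        return digest_stream(fh)


def match_hashes(digests: Dict[str, str], iocs: Dict[str, set] = IOC_HASHES) -> List[str]:
    """Return the names of the algorithms whose digest appears in the IOC set."""
    return sorted(algo for algo, value in digests.items() if value.lower() in iocs.get(algo, set()))


def scan_directory(root: str, iocs: Dict[str, set] = IOC_HASHES) -> List[Dict[str, str]]:
    """Walk a directory tree and return files whose hashes match any IOC."""
    hits: List[Dict[str, str]] = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the whole scan
            matched = match_hashes(digests, iocs)
            if matched:
                hits.append({"path": path, "matched": ",".join(matched), "sha256": digests["sha256"]})
    return hits


def find_url_hits(log_lines: Iterable[str], defanged: List[str] = IOC_URLS_DEFANGED) -> List[str]:
    """Return log lines containing any refanged IOC URL (literal, case-insensitive match)."""
    patterns = [re.compile(re.escape(refang(u)), re.IGNORECASE) for u in defanged]
    return [line for line in log_lines if any(p.search(line) for p in patterns)]


if __name__ == "__main__":
    import sys
    for line in find_url_hits(SAMPLE_PROXY_LOG):
        print("URL IOC hit:", line)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in scan_directory(root):
        print("Hash IOC hit:", hit)
```

Run it as `python ioc_scan.py /path/to/scan`; matching on the refanged URL is a literal substring search, so it will also catch the indicator embedded in longer request lines, while hash matching requires an exact digest and therefore will not flag repacked or modified samples.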