Rewterz Threat Alert – APT-C-38 ZooPark – Active IOCs

October 26, 2021

Severity

High

Analysis Summary

ZooPark is a threat group, first observed in June 2015, that targets Middle Eastern countries with several generations of Android malware, named v1 through v4; v4 is the latest generation and was deployed in 2017. The group infects Android devices through watering-hole attacks: it compromised several legitimate websites so that visitors were redirected to download sites serving malicious APKs. Some of the compromised sites were related to the "Kurdish referendum", "TelegramGroups" and "Alnaharegypt news". With its v4 malware generation the group has recently targeted Egypt, Jordan, Morocco, Lebanon and Iran.

Impact

  • Information Theft and Espionage
  • Spyware
  • Exposure of sensitive data

Indicators of Compromise

MD5

  • d5f21926943b8f43af31d293359a7239

SHA-256

  • fcd88e0d9ecb9efe15573924ede1a05f3d7655ad14d1c9dfe78d574b9dae136a

SHA-1

  • d3559bcdb994a82292bac87f67d448d48bf0489d

URL

  • http[:]//www[.]rhubarb3[.]com/save[.]php?key=dafak

Remediation

  • Block all threat indicators at your respective controls (web proxy and DNS for the URL and its host, endpoint and mobile-device management for the file hashes).
  • Search for the IOCs in your environment, including historical proxy and DNS logs, since the watering-hole redirects may have occurred before the block was in place.
  • Install applications only from legitimate sources such as the Google Play Store; never install APKs served by a redirect from a third-party website.
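The following script is an added example of the "search for the IOCs in your environment" step; it is not part of the advisory. It refangs the published URL, then matches the advisory's hashes against a file-hash inventory (such as an EDR or MDM export) and the URL and its host against proxy log lines. The inventory rows, log lines, host names and log format below are constructed for illustration and are assumptions, not data from the advisory.

```python
"""Hunt for the ZooPark advisory IOCs in a file-hash inventory and in proxy logs.

Added example, not part of the original advisory. The hashes and URL are the
ones published above; all inventory rows and log lines are constructed samples.
"""
import csv
import io
import re
from urllib.parse import urlsplit

# IOCs as published in the advisory. The URL is kept defanged and refanged at runtime.
IOC_HASHES = {
    "md5": "d5f21926943b8f43af31d293359a7239",
    "sha1": "d3559bcdb994a82292bac87f67d448d48bf0489d",
    "sha256": "fcd88e0d9ecb9efe15573924ede1a05f3d7655ad14d1c9dfe78d574b9dae136a",
}
IOC_URLS_DEFANGED = ["http[:]//www[.]rhubarb3[.]com/save[.]php?key=dafak"]


def refang(indicator: str) -> str:
    """Undo common defanging ([.] [:] hxxp) so indicators compare against live data."""
    return indicator.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")


def ioc_urls() -> set:
    return {refang(u) for u in IOC_URLS_DEFANGED}


def ioc_hosts() -> set:
    """Hosts of the IOC URLs, used to catch the same server with a different path/parameter."""
    return {urlsplit(u).hostname for u in ioc_urls()}


def normalize_hash(value: str) -> str:
    return value.strip().lower()


def hunt_hashes(inventory_csv: str) -> list:
    """Match sha256/sha1/md5 columns of a CSV file inventory against the advisory hashes.

    Matching is case-insensitive because tools export hex digests in either case.
    Returns (host, path, hash_type) for each hit.
    """
    wanted = {normalize_hash(v): k for k, v in IOC_HASHES.items()}
    hits = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        for column in ("sha256", "sha1", "md5"):
            value = row.get(column) or ""
            if value and normalize_hash(value) in wanted:
                hits.append((row["host"], row["path"], column))
    return hits


# Constructed proxy log format (assumption): "<timestamp> <client-ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def hunt_proxy_logs(lines) -> list:
    """Flag requests to the exact IOC URL, or to its host with any other path.

    Returns (client-ip, url, match_kind) with match_kind "exact-url" or "host".
    """
    exact, hosts = ioc_urls(), ioc_hosts()
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        url = m.group("url")
        if url in exact:
            hits.append((m.group("src"), url, "exact-url"))
        elif urlsplit(url).hostname in hosts:
            hits.append((m.group("src"), url, "host"))
    return hits


# Constructed sample data. The first inventory row carries the advisory's SHA-256
# in upper case to show that matching is case-insensitive.
SAMPLE_INVENTORY = """host,path,sha256,md5
android-mdm-01,/sdcard/Download/TelegramGroups.apk,FCD88E0D9ECB9EFE15573924EDE1A05F3D7655AD14D1C9DFE78D574B9DAE136A,
laptop-17,/home/u/notes.txt,9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08,
"""

SAMPLE_PROXY_LOGS = [
    "2021-10-26T09:14:02Z 10.20.4.15 GET http://www.rhubarb3.com/save.php?key=dafak 200",
    "2021-10-26T09:15:11Z 10.20.4.16 GET http://www.rhubarb3.com/other.php 404",
    "2021-10-26T09:16:30Z 10.20.4.17 GET https://play.google.com/store/apps 200",
]

if __name__ == "__main__":
    for host, path, kind in hunt_hashes(SAMPLE_INVENTORY):
        print(f"HASH HIT  {host}: {path} ({kind})")
    for src, url, kind in hunt_proxy_logs(SAMPLE_PROXY_LOGS):
        print(f"PROXY HIT {src} -> {url} ({kind})")
```

Hash matches are exact by design: a repackaged or re-signed APK will not match any of the three digests, which is why the proxy hunt also pivots on the host rather than only the full URL. Adapt `LOG_RE` to your proxy's actual log format before running this against real data.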
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.