Rewterz Threat Alert – APT-C-38 ZooPark – Active IOCs

Severity

High

Analysis Summary

Threat actor ZooPark which surfaced in June 2015, is a threat group that focuses on targeting Middle Eastern Countries using several generations of malware of with naming conventions from v1 to v4 with v4 being the latest deployed in 2017. ZooPark focuses on infecting Android devices using Watering Hole attacks. Threat group also hacked several websites which redirects the users to other downloading sites to serve malicious APKs. Some of them were related to “Kurdish referendum” “TelegramGroups” and “Alnaharegypt news”. The group focuses to target Egypt, Jordan, Morocco, Lebanon and Iran for their gains in the recent times with their v4 generation of malware.

Impact

• Information Theft and Espionage
• Spyware
• Exposure of sensitive data

Indicators of Compromise

MD5

• d5f21926943b8f43af31d293359a7239

SHA-256

• fcd88e0d9ecb9efe15573924ede1a05f3d7655ad14d1c9dfe78d574b9dae136a

SHA-1

• d3559bcdb994a82292bac87f67d448d48bf0489d

URL

• http[:]//www[.]rhubarb3[.]com/save[.]php?key=dafak

Remediation

• Block all threat indicators at your respective controls.
• Search for IOCs in your environment.
• Always download applications from legitimate sources/ playstore