Rewterz Threat Advisory – Multiple Trend Micro Worry-Free Business Security
December 1, 2021
Rewterz Threat Advisory – ICS: Mitsubishi Electric GOT products
December 1, 2021
Severity
High
Analysis Summary
Cyber espionage actors known as APT32 (OceanLotus Group) are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. APT32 leverages a unique suite of fully featured malware, in conjunction with commercially available tools, to conduct targeted operations that are aligned with Vietnamese state interests.
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- WINSPOOL[.]DRV
MD5
- 515d02dddd6e487b3e6f6e31afa0bbea
SHA-256
- f7b7b09608959dd91f201d8bf63b156cedcda50cc7131916587e328b1c38f434
SHA-1
- eb68f93a5a3e2196140c1e963c93d71b8ec58cf7
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
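One way to carry out the search step, as an added example that is not part of the original advisory: a sweep that hashes every file under a directory and compares it with the three hashes listed above. Windows ships a legitimate `winspool.drv`, so a filename match without a hash match is reported separately as `name-only` for manual review; the function names and verdict labels are assumptions of this example.

```python
import hashlib
import os
import sys

# Indicators copied from this advisory (filename is defanged there as WINSPOOL[.]DRV).
IOC_NAME = "winspool.drv"
IOC_HASHES = {
    "md5": "515d02dddd6e487b3e6f6e31afa0bbea",
    "sha1": "eb68f93a5a3e2196140c1e963c93d71b8ec58cf7",
    "sha256": "f7b7b09608959dd91f201d8bf63b156cedcda50cc7131916587e328b1c38f434",
}

def file_digests(path, chunk_size=1 << 20):
    """Read the file once and feed all three hash algorithms in the same pass."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def classify(path):
    """Return 'hash-match', 'name-only', or None for a single file."""
    try:
        digests = file_digests(path)
    except OSError:
        return None  # unreadable or locked file: skip it, keep sweeping
    if any(digests[alg] == IOC_HASHES[alg] for alg in IOC_HASHES):
        return "hash-match"  # catches renamed copies as well
    if os.path.basename(path).lower() == IOC_NAME:
        return "name-only"   # low confidence: Windows has a legitimate file of this name
    return None

def sweep(root):
    """Walk root and return a sorted list of (verdict, path) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            verdict = classify(path)
            if verdict:
                findings.append((verdict, path))
    return sorted(findings)

if __name__ == "__main__":
    for verdict, path in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict}\t{path}")
```

Run it with the directory to sweep as its only argument; `name-only` hits need a comparison against a known-good copy before any conclusion is drawn.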