Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs
February 24, 2022Rewterz Threat Advisory – Multiple Apache Gobblin and ActiveMQ Artemis Vulnerabilities
February 25, 2022Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs
February 24, 2022Rewterz Threat Advisory – Multiple Apache Gobblin and ActiveMQ Artemis Vulnerabilities
February 25, 2022Severity
High
Analysis Summary
A Vietnam-based threat group, APT32 (OceanLotus Group) is active since 2014. It is known for carrying out sophisticated attacks on several private companies, journalists, foreign governments, and activists with a primary concentration on Southeast Asian countries including Vietnam, Philippines, Laos, and Cambodia. This threat group has utilized smart web breaches to compromise victims. APT32 conducts targeted operations that are consistent with Vietnamese state goals using a unique suite of fully-featured malware in combination with commercially accessible tools. The APT32 attack includes meaningless code to deceive security tools, allowing it to go undetected.
Impact
- Information Theft and Espionage
- Data Exfiltration
Indicators of Compromise
Filename
- background[.]dll[.]bin
MD5
- 9d1056db6be0efbd41a7e1145149a21f
- 663ad19176addfcff73ca169cbdbc4cb
- f19f0bc98de44bd2e440adc80be1bb8e
- 3af00aa5fd7fc96c18253c7d992aa563
SHA-256
- 28619319e8344cdb0a1171e6dbd12730c36ea40a075ea10925c5515e79a02b9b
- 61ae6e250fa02931bc2789273c8b76ac0f245c13b0872987202dde056894073d
- 9d0127b4120110a408b0bfc70c67b482262560bb4bdd05f3dd327b1d278f9b62
- d6ca88c07b6af824c3baac640a73c0fa85ac7dcf98e7e5cd8c24e91dad150419
SHA-1
- 7023509dbf95e15ac47450968cf80b539e92a52c
- de35f6c19f734dfdabe39c839c4f05c02609a47f
- 29417f45e3eb65e334ff01d544faadc0f2db0b4d
- 3f560c225852e7019e41e2f6aea78091cc0f8597
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/ attachments sent by unknown senders.