Rewterz Threat Alert – Virlock Ransomware – Active IOCs
June 17, 2022Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs
June 17, 2022Rewterz Threat Alert – Virlock Ransomware – Active IOCs
June 17, 2022Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs
June 17, 2022Severity
High
Analysis Summary
A Vietnam-based threat group, APT32 (OceanLotus Group) is active since 2014. It is known for carrying out sophisticated attacks on several private companies, journalists, foreign governments, and activists with a primary concentration on Southeast Asian countries including Vietnam, Philippines, Laos, and Cambodia. This threat group has utilized smart web breaches to compromise victims. APT32 conducts targeted operations that are consistent with Vietnamese state goals using a unique suite of fully-featured malware in combination with commercially accessible tools. The APT32 attack includes meaningless code to deceive security tools, allowing it to go undetected.
Impact
- Information Theft and Espionage
- Data Exfiltration
Indicators of Compromise
MD5
- ec93637b8ff38153da61537fb6825faf
SHA-256
- daddf5245a2268b5128365561338f88b2d00020375c71d4577d8513193de47ce
SHA-1
- 5f246b65f8ffe666fe24c0b8f8b872a66e3f8582
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links/ attachments sent by unknown senders.