

Rewterz Threat Advisory – Jenkins NS-ND Integration Performance Publisher Plugin Vulnerabilities
November 16, 2022
Rewterz Threat Advisory – Multiple Jenkins Delete log Plugin Vulnerabilities
November 16, 2022
Severity
High
Analysis Summary
APT32 (OceanLotus Group), a Vietnam-based threat group, has been active since 2014. It is well known for carrying out sophisticated attacks on a variety of private companies, journalists, foreign governments, and activists, with a major focus on Southeast Asian nations such as Vietnam, the Philippines, Laos, and Cambodia. This threat group has used smart web breaches to compromise victims.
APT32 uses a unique suite of fully featured malware in combination with commercially available tools to undertake targeted operations that are congruent with Vietnamese state interests. APT32 attacks include irrelevant code to deceive security tools and go undetected. APT32 operators appear to be well resourced and supported, because they employ a diverse collection of domains and IP addresses as command and control infrastructure.
Impact
- Espionage and Intellectual Theft
- Extrusion of data
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links or attachments sent by unknown senders.