Rewterz Threat Alert – Donot APT Group – Active IOCs
November 18, 2022
Rewterz Threat Alert – SmokeLoader Malware – Active IOCs
November 18, 2022
Severity
High
Analysis Summary
APT32 (also known as OceanLotus), a Vietnam-based threat group, has been active since 2014. It is known for sophisticated attacks on private companies, journalists, foreign governments and activists, with a particular focus on Southeast Asian nations such as Vietnam, the Philippines, Laos and Cambodia. The group has repeatedly compromised victims through strategic web compromises (watering-hole attacks on sites its targets are known to visit).
APT32 pairs its own suite of fully featured malware with commercially available tools to run targeted operations that align with Vietnamese state interests. Its malware is padded with irrelevant (junk) code to confuse security tools and evade detection. APT32 operators appear to be well resourced and supported: they maintain a large and diverse set of domains and IP addresses for command-and-control infrastructure, so blocking a single indicator rarely disrupts a campaign for long.
Impact
- Espionage and intellectual property theft
- Data exfiltration
Indicators of Compromise
Domain Name
- zabbixasaservice.com
IP
- 139.162.58.101
MD5
- a54330bc0fdc9c9585f6024dde340177
SHA-256
- 19f16a4eceb8b57b2bcad11c76446f05b1e1f4b7c7f23201e08dc8fa07659cf0
SHA-1
- ebbcc4a37cc7e9b5d2749970a4b9f261f43c98d2
Remediation
- Block all threat indicators at your respective controls (perimeter firewall, web proxy, DNS resolver and endpoint security).
- Search for the IOCs above in your environment, including DNS, proxy and endpoint telemetry, and retroactively over retained logs.
- Emails from unknown senders should always be treated with caution.
- Never open links or attachments from unknown senders.
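The following script is an added example of the "search for IOCs" step and is not Rewterz tooling. It embeds the indicator values published above and sweeps plain-text logs for them: the listed domain is matched exactly or as a parent of a subdomain (a look-alike such as `zabbixasaservice.com.example` does not match), the IP is matched as a whole token, and the three file hashes are matched case-insensitively by length. The log format, host names and sample lines are constructed for the demonstration.

```python
"""Sweep plain-text logs for the APT32 indicators published in this alert.

Added example, not Rewterz tooling. The indicator values are the ones listed
above; the log layout, host names and sample lines below are constructed.
"""
import re
import sys
from typing import Iterable, List, Tuple

# Indicators of compromise taken from the alert above.
IOC_DOMAINS = {"zabbixasaservice.com"}
IOC_IPS = {"139.162.58.101"}
IOC_HASHES = {
    "a54330bc0fdc9c9585f6024dde340177",                                  # MD5
    "ebbcc4a37cc7e9b5d2749970a4b9f261f43c98d2",                          # SHA-1
    "19f16a4eceb8b57b2bcad11c76446f05b1e1f4b7c7f23201e08dc8fa07659cf0",  # SHA-256
}
HASH_KIND = {32: "md5", 40: "sha1", 64: "sha256"}

# Token extractors. Word boundaries stop the first 32 hex digits of a
# SHA-256 from being reported as an MD5.
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.IGNORECASE)

# (line number, indicator kind, indicator value, token as seen in the log)
Hit = Tuple[int, str, str, str]


def match_line(line: str) -> List[Tuple[str, str, str]]:
    """Return (kind, ioc, observed) for every alert indicator present in one line."""
    found = []
    for host in HOST_RE.findall(line):
        h = host.lower()
        for domain in IOC_DOMAINS:
            # Exact domain or a subdomain of it; "evil-zabbixasaservice.com" and
            # "zabbixasaservice.com.example" are look-alikes and must not match.
            if h == domain or h.endswith("." + domain):
                found.append(("domain", domain, host))
    for ip in IPV4_RE.findall(line):
        if ip in IOC_IPS:
            found.append(("ip", ip, ip))
    for digest in HASH_RE.findall(line):
        d = digest.lower()            # EDR exports often upper-case hashes
        if d in IOC_HASHES:
            found.append((HASH_KIND[len(d)], d, digest))
    # Collapse repeats of the same indicator within a line, keeping first-seen order.
    return list(dict.fromkeys(found))


def scan_lines(lines: Iterable[str]) -> List[Hit]:
    """Scan an iterable of log lines and return all hits with 1-based line numbers."""
    hits: List[Hit] = []
    for lineno, line in enumerate(lines, start=1):
        for kind, ioc, observed in match_line(line):
            hits.append((lineno, kind, ioc, observed))
    return hits


def scan_text(text: str) -> List[Hit]:
    return scan_lines(text.splitlines())


# Constructed sample log: one DNS hit, one proxy hit, one EDR hash hit, two benign lines.
SAMPLE_LOG = """\
2022-11-18T09:12:01Z dns query=update.zabbixasaservice.com client=10.0.5.23 type=A
2022-11-18T09:12:02Z proxy src=10.0.5.23 dst=139.162.58.101:443 action=allow
2022-11-18T09:13:40Z edr host=WS-0412 process=svchost.exe sha256=19F16A4ECEB8B57B2BCAD11C76446F05B1E1F4B7C7F23201E08DC8FA07659CF0
2022-11-18T09:15:00Z dns query=zabbix.example.internal client=10.0.5.24 type=A
2022-11-18T09:16:12Z edr host=WS-0413 process=notepad.exe md5=d41d8cd98f00b204e9800998ecf8427e
"""


def main(argv: List[str]) -> None:
    # Usage: python ioc_sweep.py [logfile]; with no argument the sample log is scanned.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for lineno, kind, ioc, observed in scan_text(text):
        print(f"line {lineno}: {kind} {ioc} (seen as {observed})")


if __name__ == "__main__":
    main(sys.argv)
```

Run against exported proxy, DNS and EDR logs; a single hit on the domain or IP is worth a retroactive search of the same host's process and file telemetry for the listed hashes, since APT32 rotates infrastructure frequently and the hashes may be the only indicator that survives a domain change.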