Rewterz Threat Alert – Vidar Malware – Active IOCs
August 25, 2021
Rewterz Threat Alert – ServHelper Backdoor – Active IOCs
August 25, 2021
Severity
High
Analysis Summary
The cyber-espionage actors known as APT32 (OceanLotus Group) are carrying out intrusions into private-sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. APT32 leverages a unique suite of fully featured malware, in conjunction with commercially available tools, to conduct targeted operations that are aligned with Vietnamese state interests.
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- JudianService[.]dll
MD5
- 943cb4b5ffb69926803d7f9c3dd1bc7c
SHA-256
- 8ccd9591e9438a313a21958c7f8edce4b238bbb147e8284ec4a2b7b488b920ca
SHA-1
- 2459b3ee3761e20439494ab11a7bd5aa96f3913c
Remediation
- Block all the threat indicators in their respective controls.
- Search for the IOCs in your environment.
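One way to carry out the IOC search above is a hash-and-filename sweep over a file system. The script below is an added example, not Rewterz tooling; it embeds the MD5, SHA-1, SHA-256 and filename indicators from this alert (the defanged `[.]` is restored for matching), computes all three digests per file in a single read, and reports any match. Directory to scan and the `sweep`/`match_iocs` helper names are assumptions of this example.

```python
import hashlib
import sys
from pathlib import Path

# Indicators copied from the alert above; the filename is defanged on the page and restored here.
IOC_FILENAMES = {"JudianService.dll"}
IOC_HASHES = {
    "md5": {"943cb4b5ffb69926803d7f9c3dd1bc7c"},
    "sha1": {"2459b3ee3761e20439494ab11a7bd5aa96f3913c"},
    "sha256": {"8ccd9591e9438a313a21958c7f8edce4b238bbb147e8284ec4a2b7b488b920ca"},
}


def file_hashes(path):
    """Compute MD5, SHA-1 and SHA-256 of a file in one chunked pass (large files stay cheap)."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(name, digests):
    """Return the IOC types that match this file (empty list means no match)."""
    hits = []
    if name.lower() in {n.lower() for n in IOC_FILENAMES}:
        hits.append("filename")
    for algo, value in digests.items():
        if value.lower() in IOC_HASHES.get(algo, set()):
            hits.append(algo)
    return hits


def sweep(root):
    """Walk a directory tree and collect (path, hits) for every file matching any IOC."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            digests = file_hashes(path)
        except OSError:
            continue  # unreadable (permissions, file in use): skip rather than abort the sweep
        hits = match_iocs(path.name, digests)
        if hits:
            findings.append((str(path), hits))
    return findings


if __name__ == "__main__":
    for found, hits in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"IOC match ({', '.join(hits)}): {found}")
```

A filename-only hit is weaker evidence than a hash hit; treat it as a lead to triage, and feed confirmed hashes into the blocking controls named in the first remediation step.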