• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Phobos Ransomware – Active IOCs
December 9, 2022
Rewterz Threat Advisory – CVE-2022-20968 – Cisco IP Phone 7800 and 8800 Series firmware Vulnerability
December 9, 2022

Rewterz Threat Alert – APT32 SeaLotus (OceanLotus Group)- Active IOCs

December 9, 2022

Severity

High

Analysis Summary

A Vietnam-based threat group, APT32 (OceanLotus Group) is active since 2014. It is well-known for carrying out sophisticated attacks on a variety of private companies, journalists, foreign governments, and activists, with a major focus on Southeast Asian nations such as Vietnam, the Philippines, Laos, and Cambodia. This threat group has utilized smart web breaches to compromise victims. 
APT32 uses a unique suite of fully-featured malware in combination with commercially available tools to undertake targeted operations that are congruent with Vietnamese state interests. The APT32 attack includes irrelevant code to deceive security tools and go undetected. Threat actors behind this group appear to be well-resourced and supported since they employ a diverse collection of domains and IP addresses as command and control infrastructure.

Impact

  • Espionage and Intellectual Theft
  • Extrusion of Data

Indicators of Compromise

Domain Name

  • top.haletteompson.com
  • eu-draytek.com

MD5

ce6ebbb68725f73b6247dfd987a81c7f

SHA-256

376f09d206fbc26acd199b95b7abfc679287eb38a1df519945deee258f796b32

SHA-1

ed781eea3e66e3ae688062552da383b1cce4d8d6

Remediation

  • Block all threat indicators at your respective controls
  • Search for IOCs in your environment.
  • Emails from unknown senders should always be treated with caution.
  • Never open links or attachments from unknown senders.
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.