
Rewterz Threat Alert – Raddex Malware Targeting Arabic-speakers, Linked to Golden RAT

June 19, 2020

Severity

Medium

Analysis Summary

Security researchers have uncovered a new sample of Android malware called Raddex that targets Arabic speakers and is reportedly linked to the Golden Rat group (also tracked as APT27 or APT-C-37). The malware attempts to obtain superuser (root) access on the infected device. Raddex is also categorized as spyware: it collects sensitive information from the device and exfiltrates it to a command-and-control (C2) server.

Impact

  • Device takeover
  • Exposure of sensitive information

Indicators of Compromise

Hostname

  • 295[.]yao[.]cl

MD5

  • 4ae13489e22c79cc794d59ff74cb1aee
  • b91491c2525b4a578a88b7a13df679aa
  • 389c20a9a4a4aada461535ad22e0dc2a
  • 006ead0cabf1312dbce67ed42d524bfc
  • 1f9e92fdc5bdb2467dd2e1015304bed5

SHA-256

  • 4ddc1325ac72ceaca843b017b7b68ef54b9c63757fb72c38738b076353e0ee25
  • 29c5c3c15c5cb2a8f9e87d6732bc138d9ef570de745d6193cb7acf684368aef5
  • 434ccfbc3780a3c76fb5cc02a1a681a3388ca9760de7b7ac17c0f3ccb55b24a5
  • f416b7c6e390aab28f9f19839ece94c748cf0957eb94eb0dfd9b12ce6e301cde
  • d4b69105a02386a4c1f11d9b14f75f9a115bcfe54548cffcc271cb3f7630fc78

SHA1

  • 33974523679d0eef019e764cf72966a2656080e1
  • eb9462fd6d1db3a9c552e64657f618a01dc1c094
  • 0d0668f0da2d24fed3a58eba486983637e7ca7a7
  • 6e74b2e814977bb04071ac6e9def70c37bcd55cc
  • bc682a8bc6ea8550a9c6286a7011ed8a87396723

Source IP

  • 94[.]177[.]251[.]146
  • 205[.]251[.]145[.]29

Remediation

  • Block the listed hostname, IP addresses and file hashes on DNS, proxy/firewall and mobile endpoint controls, and search historical logs for earlier contact with them.
  • Be very careful when granting permissions to any app; an app that asks for superuser (root) access or for permissions unrelated to its purpose should be refused and removed.
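The following script shows one way to act on the indicators above: it refangs the defanged hostname and IPs, matches them as whole tokens in DNS/firewall log lines, and checks file digests against the MD5/SHA-1/SHA-256 lists. It is an added example, not Rewterz tooling; the indicator values are those published in this advisory, while the log lines, the directory layout and the file contents fed to it are constructed for the demonstration.

```python
"""Match the Raddex IOCs from this advisory against log lines and files.

Added example (not Rewterz tooling). Indicator values are copied from the
advisory above; SAMPLE_LOG_LINES and any scanned file contents are constructed.
"""
from __future__ import annotations

import hashlib
import re
from pathlib import Path

# Network indicators exactly as published, i.e. defanged with "[.]".
DEFANGED_HOSTS = ["295[.]yao[.]cl"]
DEFANGED_IPS = ["94[.]177[.]251[.]146", "205[.]251[.]145[.]29"]

# File-hash indicators from the advisory, one set per algorithm (duplicates removed).
HASHES: dict[str, set[str]] = {
    "md5": {
        "4ae13489e22c79cc794d59ff74cb1aee", "b91491c2525b4a578a88b7a13df679aa",
        "389c20a9a4a4aada461535ad22e0dc2a", "006ead0cabf1312dbce67ed42d524bfc",
        "1f9e92fdc5bdb2467dd2e1015304bed5",
    },
    "sha1": {
        "33974523679d0eef019e764cf72966a2656080e1", "eb9462fd6d1db3a9c552e64657f618a01dc1c094",
        "0d0668f0da2d24fed3a58eba486983637e7ca7a7", "6e74b2e814977bb04071ac6e9def70c37bcd55cc",
        "bc682a8bc6ea8550a9c6286a7011ed8a87396723",
    },
    "sha256": {
        "4ddc1325ac72ceaca843b017b7b68ef54b9c63757fb72c38738b076353e0ee25",
        "29c5c3c15c5cb2a8f9e87d6732bc138d9ef570de745d6193cb7acf684368aef5",
        "434ccfbc3780a3c76fb5cc02a1a681a3388ca9760de7b7ac17c0f3ccb55b24a5",
        "f416b7c6e390aab28f9f19839ece94c748cf0957eb94eb0dfd9b12ce6e301cde",
        "d4b69105a02386a4c1f11d9b14f75f9a115bcfe54548cffcc271cb3f7630fc78",
    },
}


def refang(indicator: str) -> str:
    """Turn the published '295[.]yao[.]cl' form back into a matchable '295.yao.cl'."""
    return indicator.replace("[.]", ".")


NETWORK_IOCS = {refang(x) for x in DEFANGED_HOSTS + DEFANGED_IPS}


def scan_log_line(line: str) -> list[str]:
    """Return the network IOCs present in one log line.

    Indicators are compared against whole tokens (trailing DNS dots stripped), so
    94.177.251.14 does not match 94.177.251.146 and a longer domain that merely
    ends in yao.cl does not match the listed hostname.
    """
    tokens = {t.strip(".") for t in re.findall(r"[A-Za-z0-9.\-]+", line)}
    return sorted(ioc for ioc in NETWORK_IOCS if ioc in tokens)


def scan_logs(lines: list[str]) -> list[tuple[int, list[str]]]:
    """Return (line index, matched IOCs) for every line that contains an indicator."""
    return [(i, hits) for i, line in enumerate(lines) if (hits := scan_log_line(line))]


def classify_hash(hexdigest: str) -> str | None:
    """Return the algorithm under which a digest is listed as an IOC, else None.

    Handy for SIEM lookups where the hash type is not labelled: the length of the
    hex string (32/40/64) selects the list to check.
    """
    alg = {32: "md5", 40: "sha1", 64: "sha256"}.get(len(hexdigest))
    return alg if alg and hexdigest.lower() in HASHES[alg] else None


def match_hashes(data: bytes) -> list[str]:
    """Return the algorithms whose digest of `data` is a listed IOC (empty if clean)."""
    return [alg for alg in ("md5", "sha1", "sha256")
            if hashlib.new(alg, data).hexdigest() in HASHES[alg]]


def scan_directory(root: Path, pattern: str = "*.apk") -> list[tuple[Path, list[str]]]:
    """Hash every file matching `pattern` under `root` and report IOC hits."""
    return [(p, m) for p in root.rglob(pattern) if p.is_file() and (m := match_hashes(p.read_bytes()))]


# Constructed sample telemetry for the demonstration, not real logs.
SAMPLE_LOG_LINES = [
    "2020-06-19T10:02:11Z dns client=10.0.0.21 query=295.yao.cl. type=A",
    "2020-06-19T10:02:12Z fw src=10.0.0.21 dst=94.177.251.146 dport=443 action=allow",
    "2020-06-19T10:02:13Z fw src=10.0.0.22 dst=94.177.251.14 dport=443 action=allow",
    "2020-06-19T10:02:14Z dns client=10.0.0.23 query=www.example.com. type=A",
]

if __name__ == "__main__":
    for idx, hits in scan_logs(SAMPLE_LOG_LINES):
        print(f"line {idx}: {', '.join(hits)}")
    for path, algs in scan_directory(Path(".")):
        print(f"{path}: matches {', '.join(algs)}")
```

Only the first two constructed lines are reported: the third carries a near-miss IP and the fourth an unrelated domain. Point `scan_directory` at a folder of collected APKs to check them against the published hashes.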
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.