Rewterz Threat Alert – APT32 Ocean Lotus – IOCs

Severity

High

Analysis Summary

Cyber espionage actors known as APT32 (OceanLotus Group) are carrying out intrusions into private sector companies across multiple industries and have also targeted foreign governments, dissidents, and journalists. APT32 leverages a unique suite of fully featured malware, in conjunction with commercially available tools, to conduct targeted operations that are aligned with Vietnamese state interests.

Impact

  • Information Theft and Espionage

Indicators of Compromise

Filename

  • OInfo11[.]OCX

MD5

  • e79a99f73671a482680fff448f5c4679

SHA-256

  • 006afddc2fdfb5d1dc10f6b3ab6036e6ccfad055ac0713d5bb4091d0bec96c5f

SHA-1

  • 2cad67d58d97828eecd101bc00a46db530b0401e

Remediation

  • Block all the threat indicators at your respective controls.
  • Search for IOCs in your environment.