Rewterz Threat Alert – APT C-23 Highly Active

Severity

High

Analysis Summary

APT-C-23 is also known as Two-Tailed Scorpion and Desert Scorpion. The group is known to use both Windows and Android components, and has previously targeted victims in the Middle East with apps in order to compromise Android smartphones. The group is highly active in the Middle East and is targeting different organizations. Its intention remains unknown at this point, but in previous activity the group has been seen exfiltrating data with different spyware. This campaign targets users with a personalized form that asks for personal details.

Impact

  • Information theft
  • Data breach

Indicators of Compromise

MD5

  • 6964e9ed0a8965b74ef89173b5205b9c

SHA-256

  • 9d52c85804d3059ca07cc15e98f41befe699650ee86c67de8cf21bd6b08e3b3b

SHA-1

  • 039058bb18de398078b0858f2b5ed1af7a6b699b

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.