Rewterz Threat Alert – APT C-23 Active in Middle East

Severity

High

Analysis Summary

APT-C-23 (also known as Two-Tailed Scorpion and Desert Scorpion). APT-C-23 is known to utilize both Windows and Android components, and has previously targeted victims in the Middle East with apps in order to compromise Android smartphones. The group is highly active in middle east and targeting different organizations. The intention of the group remains unknown at this point, but by previous activities the group has been seen exfiltrating data from different spywares. This campaign is targeting users with a personalized form in which they’re asking for personal details.

Impact

Exposure of personally identifiable information

Indicators of Compromise

Filename

• maram-11_22_2020-9785348634-docx[.]exe

MD5

• 21aa63b42825fb95bf5114419fb42157

SHA-256

• a6f4a0400fc7eee60610c0e113802d5aa544d462d2141b93203a0f9f380f0a16

SHA1

• 70fb5fd1bd42fad7a93916c203cce78ba0fd5966

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.