Rewterz Threat Alert – APT32 Ocean Lotus

Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs

February 24, 2022

Rewterz Threat Advisory – Multiple Apache Gobblin and ActiveMQ Artemis Vulnerabilities

February 25, 2022

Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs

Severity

High

Analysis Summary

A Vietnam-based threat group, APT32 (OceanLotus Group) is active since 2014. It is known for carrying out sophisticated attacks on several private companies, journalists, foreign governments, and activists with a primary concentration on Southeast Asian countries including Vietnam, Philippines, Laos, and Cambodia. This threat group has utilized smart web breaches to compromise victims. APT32 conducts targeted operations that are consistent with Vietnamese state goals using a unique suite of fully-featured malware in combination with commercially accessible tools. The APT32 attack includes meaningless code to deceive security tools, allowing it to go undetected.

Impact

Information Theft and Espionage
Data Exfiltration

Indicators of Compromise

Filename

background[.]dll[.]bin

MD5

9d1056db6be0efbd41a7e1145149a21f
663ad19176addfcff73ca169cbdbc4cb
f19f0bc98de44bd2e440adc80be1bb8e
3af00aa5fd7fc96c18253c7d992aa563

SHA-256

28619319e8344cdb0a1171e6dbd12730c36ea40a075ea10925c5515e79a02b9b
61ae6e250fa02931bc2789273c8b76ac0f245c13b0872987202dde056894073d
9d0127b4120110a408b0bfc70c67b482262560bb4bdd05f3dd327b1d278f9b62
d6ca88c07b6af824c3baac640a73c0fa85ac7dcf98e7e5cd8c24e91dad150419

SHA-1

7023509dbf95e15ac47450968cf80b539e92a52c
de35f6c19f734dfdabe39c839c4f05c02609a47f
29417f45e3eb65e334ff01d544faadc0f2db0b4d
3f560c225852e7019e41e2f6aea78091cc0f8597

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.
Always be suspicious about emails sent by unknown senders.
Never click on links/ attachments sent by unknown senders.