Rewterz Threat Alert – APT32 Ocean Lotus

Rewterz Threat Alert – Black Basta Ransomware – Active IOCs

June 2, 2022

Rewterz Threat Alert – Lokibot Malware – Active IOCs

June 2, 2022

Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs

Severity

High

Analysis Summary

A Vietnam-based threat group, APT32 (OceanLotus Group) is active since 2014. It is known for carrying out sophisticated attacks on several private companies, journalists, foreign governments, and activists with a primary concentration on Southeast Asian countries including Vietnam, Philippines, Laos, and Cambodia. This threat group has utilized smart web breaches to compromise victims. APT32 conducts targeted operations that are consistent with Vietnamese state goals using a unique suite of fully-featured malware in combination with commercially accessible tools. The APT32 attack includes meaningless code to deceive security tools, allowing it to go undetected.

Impact

Information Theft and Espionage
Data Exfiltration

Indicators of Compromise

MD5

9ac04f570473b316bb0975a0ca166cbc

SHA-256

2fec211299a9e19c34ff424ce9720341e573fb609bb6786697b4ea9305b029a3

SHA-1

7a0bbd43ccf7978a21e0fbd1bdd56d1f005587ec

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.
Always be suspicious about emails sent by unknown senders.
Never click on links/ attachments sent by unknown senders.