

December 9, 2022
Severity
High
Analysis Summary
APT32 (also known as the OceanLotus Group) is a Vietnam-based threat group that has been active since 2014. It is well known for carrying out sophisticated attacks against private companies, journalists, foreign governments, and activists, with a major focus on Southeast Asian nations such as Vietnam, the Philippines, Laos, and Cambodia. The group has used strategic web compromises to infect its victims.
APT32 uses a unique suite of fully featured malware in combination with commercially available tools to conduct targeted operations that align with Vietnamese state interests. Its malware includes irrelevant (junk) code to evade security tools and remain undetected. The actors behind this group appear to be well resourced and supported, since they employ a large and diverse collection of domains and IP addresses as command-and-control infrastructure.
Impact
- Espionage and Intellectual Theft
- Exfiltration of Data
Indicators of Compromise
Domain Name
- top.haletteompson.com
- eu-draytek.com
MD5
ce6ebbb68725f73b6247dfd987a81c7f
SHA-256
376f09d206fbc26acd199b95b7abfc679287eb38a1df519945deee258f796b32
SHA-1
ed781eea3e66e3ae688062552da383b1cce4d8d6
Remediation
- Block all threat indicators at your respective controls
- Search for IOCs in your environment.
- Emails from unknown senders should always be treated with caution.
- Never open links or attachments from unknown senders.
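The following script is an added example, not part of the Rewterz advisory: it loads the domain and hash IOCs listed above and checks them against constructed DNS/proxy log lines and file contents. The log line format and sample data are assumptions; only the IOC values come from the advisory.

```python
import hashlib
import re

# Domain and hash IOCs copied from the advisory above.
IOC_DOMAINS = {"top.haletteompson.com", "eu-draytek.com"}
IOC_HASHES = {
    "md5": {"ce6ebbb68725f73b6247dfd987a81c7f"},
    "sha1": {"ed781eea3e66e3ae688062552da383b1cce4d8d6"},
    "sha256": {"376f09d206fbc26acd199b95b7abfc679287eb38a1df519945deee258f796b32"},
}

# Constructed sample log lines (assumed BIND-style query log and a proxy log).
SAMPLE_LOG = [
    "2022-12-09T10:01:02Z client 10.0.0.5#5353: query: top.haletteompson.com IN A +",
    "2022-12-09T10:01:05Z client 10.0.0.7#5353: query: www.example.com IN A +",
    "2022-12-09T10:02:11Z proxy src=10.0.0.9 host=mail.eu-draytek.com method=GET",
    "2022-12-09T10:02:40Z client 10.0.0.8#5353: query: eu-draytek.com.evil.test IN A +",
]

# Pulls the queried/contacted host name out of either assumed log format.
HOST_RE = re.compile(r"(?:query|host)[=:]\s*([A-Za-z0-9.-]+)", re.I)


def domain_matches(host, ioc_domains=IOC_DOMAINS):
    """True if host equals an IOC domain or is a subdomain of one.
    A suffix match is required so look-alikes such as 'xeu-draytek.com'
    or 'eu-draytek.com.evil.test' do not produce false positives."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ioc_domains)


def scan_log_lines(lines):
    """Return (line_number, host) for every line whose host is an IOC domain."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = HOST_RE.search(line)
        if m and domain_matches(m.group(1)):
            hits.append((n, m.group(1).lower().rstrip(".")))
    return hits


def hash_matches(data, ioc_hashes=IOC_HASHES):
    """Hash file contents with each algorithm and return those that hit an IOC."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return sorted(alg for alg, d in digests.items() if d in ioc_hashes[alg])
```

Feed real DNS or proxy logs to `scan_log_lines` and file bytes to `hash_matches`; any hit should be treated as a lead for triage rather than a confirmed compromise.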