Arid Viper APT Gang Attacks Palestinian Entities with Politically Themed Lures and Multiple RATs to Steal Information
WHITE Malware Advisory SVThreatIntel 2022-02-03 Modified: 2022-02-03
46 IOCs
MEDIUM VOLUME
Researchers observed a new wave of Delphi malware called Micropsia, developed and operated by the Arid Viper APT group, based out of Gaza since 2017. This campaign targets Palestinian entities and activists using politically themed lures. The latest iteration of the implant contains multiple RAT and information-gathering capabilities.

About the threat actor

Arid Viper, also known as Desert Falcon, Two-tailed Scorpion, or APT C-23, was first exposed in 2015. This threat actor's main motivation is espionage and information theft, and it has been attributed to malicious operators politically motivated towards the liberation of Palestine.
Indicators of Compromise (46)