Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks
TLP: WHITE | Author: dekaRituraj | Created: 2023-04-06 | Modified: 2023-04-06
The threat actor known as Arid Viper has been observed using refreshed variants of its malware toolkit in its attacks targeting Palestinian entities since September 2022. Symantec, which is tracking the group under its insect-themed moniker Mantis, said the adversary is "going to great lengths to maintain a persistent presence on targeted networks." Also known by the names APT-C-23 and Desert Falcon, the hacking group has been linked to attacks aimed at Palestine and the Middle East at least since 2014. Mantis has used an arsenal of homemade malware tools such as ViperRat, FrozenCell (aka VolatileVenom), and Micropsia to execute and conceal its campaigns across Windows, Android, and iOS platforms.
MITRE ATT&CK & Malware Families
ATT&CK techniques: (none listed)
Malware families: Verblecon
Indicators of Compromise (26)