Advisory | Adversarial Intelligence
Threat Actor | AridViper
Target | Windows System
- Keylogging
- Downloading and executing payloads
- Stealing browser credentials
- Clearing browsing history and profiles
- Rebooting machines
- Collecting Outlook processes, etc.
- PyAudio library - audio capture (audio stealing) capability
- mss library - screenshot capture capability
MITRE Tactics and Techniques
Tactic | Technique
Initial Access | Masquerade as Legitimate Application (T1444), Deliver Malicious App via Other Means (T1476)
Execution | Native Code (T1575)
Persistence | Broadcast Receivers (T1402)
Defense Evasion | Suppress Application Icon (T1508), Application Discovery (T1418)
Discovery | File and Directory Discovery (T1420), System Information Discovery (T1426), Access Call Log (T1433), Access Contact List (T1432), Access Notifications (T1517), Capture Audio (T1429)
Collection | Capture Camera (T1512), Capture SMS Messages (T1412), Data from Local System (T1533), Screen Capture (T1513), Alternative Network Mediums (T1438)
Command and Control | Standard Application Layer Protocol (T1437), Remote File Copy (T1544)
Exfiltration | Data Encrypted (T1532)
Impact | Delete Device Data (T1447)
Recent Activity
In September 2020, the AridViper threat group was found using an Android spyware variant called Android/SpyC32.A to snoop on WhatsApp and Telegram users.
Impact
Technical Impact
- Malicious attachments used in phishing campaigns allow attackers to gain an initial foothold on the target system.
- Payload delivery and execution result in the compromise of user data and privacy.
- The network that the compromised system belongs to becomes exposed to further attacks.
- Custom tools built by the attacker allow lateral movement while evading detection.
Business Impact
- A cyber attack damages an organization's goodwill and brand.
- Customers lose trust in the company.
- Companies will be liable to pay compensation or penalties.
- Compromised company or customer data will be sold on the dark web.
Indicators of Compromise
Mitigation
- Download applications only from trusted sources or official app stores.
- Review the permissions granted to applications.
- Keep your antivirus updated and ensure you are running the latest version.
- Implement robust web filtering that can inspect content for malicious payloads and block or restrict their download promptly.
- Keep your browser up to date.