This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-11T20:22:50+00:00 www.secnews.physaphae.fr AlienVault Blog - AlienVault est un acteur de defense majeur dans les IOC A recent spear-phishing document from Molerats APT-C-37 Overview APT-C-37, also known as Pat-Bear or the Syrian Electronic Army (SEA), was first seen in October 2015 targeting members of a terrorist organization. Since 2015, however, APT-C-37 has broadened their objectives to include government agencies, armed forces leadership, media organizations, political activists, and diplomats. The group mostly targets victims in Western countries, with the intent of defacing their websites and social accounts while leaving a public footprint after hacking one of their victims. In previous attacks, APT-C-37 targeted Windows and Android systems, utilizing popular commercial remote access trojans (RATs) such as DroidJack, SpyNote, njRAT, SSLove, and H-Worm. Technical Analysis: APT-C-37 2019 June 2019: APT-C-37 released an Android app named after the instant messaging software “WhatsApp” as an espionage tool to reportedly spy on the Syrian opposition forces. The app was capable of installing the SSLove RAT to pull private information from the phone and exfiltrating it to a remote location. Molerats Overview Molerats has been present in the cybercriminal landscape since 2012. In an analysis released by the Kaspersky’s GReAT (Global Research & Analysis Team) earlier this year on the Gaza Hacker Team and their various subgroups, Kaspersky concluded that Molerats is Gaza Cybergang “Group1.” The report also concluded that Molerats (i.e. Cybergang Group 1) operates with a lower level of sophistication than other groups within the Gaza Hacker Team. In addition, a 2016 article in Security Week reported that one of Molerats campaigns (October 2016) heavily used popular RATs like NjRat and H-Worm (aka Houdini). Technical Analysis: Molerats 2019 October 2019: In Molerats’ October operation, the attack was distributed as a phishing campaign in the Middle East. Emails included a Microsoft Word file attachment with the title “Daily report on the most important Palestinian developments for the day 9-9-2019.doc” — content that spoke to the political situation in Palestine. When a victim opened the attachment, the malware performed the following: Displayed the Microsoft Word doc]]> 2020-01-15T14:00:00+00:00 https://feeds.feedblitz.com/~/616000598/0/alienvault-blogs~Alien-Labs-Analysis-of-Threat-Groups-Molerats-and-APTC www.secnews.physaphae.fr/article.php?IdArticle=1501589 False Malware,Tool,Threat,Guideline APT-C-23 None