📃Title: Sowbug: Cyber espionage group targets South American and Southeast Asian governments
📅Date: 2017-11-07
🔗References:

Description

Symantec has identified a previously unknown group called Sowbug that has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign policy institutions and diplomatic targets. Sowbug has been seen mounting classic espionage attacks by stealing documents from the organizations it infiltrates.

To date, Sowbug appears to be focused mainly on government entities in South America and Southeast Asia and has infiltrated organizations in Argentina, Brazil, Ecuador, Peru, Brunei and Malaysia. The group is well-resourced, capable of infiltrating multiple targets simultaneously, and will often operate outside the working hours of targeted organizations in order to maintain a low profile.

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

  • target-information=“Argentina”
  • target-information=“Brazil”
  • target-information=“Ecuador”
  • target-information=“Peru”
  • target-information=“Malaysia”
  • malpedia=“Felismus”
  • malpedia=“MimiKatz”
  • malpedia=“StarLoader”
  • producer Symantec
  • threat-actor Sowbug
  • target-information=“Brunei”
  • mitre-attack-pattern=[]

MISP event uuid: 57df35b2-526b-4224-a79d-1357afde164c

Indicators of Compromise (IoCs)

type,value,comment
md5, c1f65ddabcc1f23d9ba1600789eb581b, 'Backdoor.Felismus No sample in VT\r\nLast check:23/02/2025'
domain, cosecman.com, 'C2'
domain, nasomember.com, 'C2'
domain, unifoxs.com, 'C2'

Full IOCs available in Rectifyq's MISP