

Rewterz Threat Advisory – APT SideWinder Group – Active IOCs
February 23, 2022
Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs
February 23, 2022
Rewterz Threat Advisory – APT SideWinder Group – Active IOCs
February 23, 2022
Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs
February 23, 2022Severity
High
Analysis Summary
PatchWork, (also known as Mahabusa, White Elephant, hangOver, VICEROY TIGER, and The Dropping Elephant) is an APT that mainly conducts cyber-espionage activities against Asian countries especially against China and Pakistan. The threat actors are now targeting National Command and Operation Center (NCOC) with a maldoc named “DEPT_NCOC.xlsm” which seemingly is distributed to update the employee COVID Vaccination database.
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- Briefing on Ongoing Projects[.]docx
- payload_1[.]bin
MD5
- 466fb005506e1dc15118a6768b2c7e5a
- 021067f645525cb5caecf04670a63485
SHA-256
- eeeb99f94029fd366dcde7da2a75a849833c5f5932d8f1412a89ca15b9e9ebb7
- c2809dcc935ed3c7923f1da67d1c5dddc4ece2353a4c0eab8c511a14fa7e04c1
SHA-1
- 34fdaf8593013d0f4569439f7891017703f0c294
- d5bb4d8ef1ec8fdd78f58029c28c580f9a3fcbf8
URL
- https[:]//dgmp-paknavy[.]mod-pk[.]com/14325/1/10/2/0/0/0/m/files-5291bef6/file[.]rtf
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.