Rewterz Threat Advisory – APT SideWinder Group – Active IOCs

February 23, 2022

Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs

February 23, 2022

Rewterz Threat Advisory – PatchWork APT Group Targeting (NCOC) – Active IOCs

February 23, 2022

Severity

High

Analysis Summary

PatchWork, (also known as Mahabusa, White Elephant, hangOver, VICEROY TIGER, and The Dropping Elephant) is an APT that mainly conducts cyber-espionage activities against Asian countries especially against China and Pakistan. The threat actors are now targeting National Command and Operation Center (NCOC) with a maldoc named “DEPT_NCOC.xlsm” which seemingly is distributed to update the employee COVID Vaccination database.

Impact

Information Theft and Espionage

Indicators of Compromise

Filename

Briefing on Ongoing Projects[.]docx
payload_1[.]bin

MD5

466fb005506e1dc15118a6768b2c7e5a
021067f645525cb5caecf04670a63485

SHA-256

eeeb99f94029fd366dcde7da2a75a849833c5f5932d8f1412a89ca15b9e9ebb7
c2809dcc935ed3c7923f1da67d1c5dddc4ece2353a4c0eab8c511a14fa7e04c1

SHA-1

34fdaf8593013d0f4569439f7891017703f0c294
d5bb4d8ef1ec8fdd78f58029c28c580f9a3fcbf8

URL

https[:]//dgmp-paknavy[.]mod-pk[.]com/14325/1/10/2/0/0/0/m/files-5291bef6/file[.]rtf

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Group aka Rattlesnake Targeting Pakistan – Active IOCs

F5 BIG-IP Exploit Allows Attackers to Escape Admin Restrictions

Multiple F5 BIG-IP Products Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – APT SideWinder Group – Active IOCs

Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.