Rewterz Threat Alert – APT SideWinder – Active IOCs

June 11, 2021

Severity

High

Analysis Summary

Sidewinder APT Group, which has been working in the interest of Indian Government, has been observed targeting Pakistani Government Officials through its latest campaigns with a decoy document related to Punjab police and their SOP for the emergency threats. This APT group has been actively targeting South Asian countries throughout 2020 and fresh IoCs are still being detected in 2021. In earlier months, it was found targeting Pakistan Air Force with malicious samples of PAF Calender 2021. Other recent campaigns include targeting Pakistanis and Chinese military & government entities windows machines as well as mobile phones often using weaponized word documents & custom build mobile apps for information theft & espionage.

Impact

Information theft and espionage

Indicators of Compromise

URL

http[:]//punjabpolice[.]gov[.]pk[.]standingoperatingprocedureforemergencythreat[.]cdnin[.]net/images/5491E413/-1/7384/89dfd89e/main[.]RTF

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Group aka Rattlesnake – Active IOCs

Microsoft Bookings Vulnerability Allowed Attackers to Modify Meeting Details

ClickFix Scheme Used by Russian Hackers to Deploy Espionage Malware – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – DanaBot Trojan – Active IOCs

Rewterz Threat Intel – The Evolution of Agrius APT Group Targeting Pakistan – Active IOCs

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.