Request a Demo
Rewterz
Rewterz Threat Alert – Cobalt Strike Malware – Active IOCs
June 17, 2022
Rewterz
Rewterz Threat Alert – AZORult Malware – Active IOCs
June 17, 2022

Rewterz Threat Alert – APT SideWinder Group – Active IOCs

Severity

High

Analysis Summary

Sidewinder is a suspected Indian threat actor group that has been active since 2012. They have been observed attacking political, military, and corporate organizations throughout Asia, with Pakistan, China, Nepal, and Afghanistan being the most common targets. RAZOR TIGER, Rattlesnake, APT-C-17, and T-APT-04 are the aliases for Sidewinder APT. This APT has been targeting Pakistani government officials with a decoy file related to FOCUSED TALK ON RUSSIAN UKRAINE CONFLICT IMPACT ON PAKISTAN in its most recent effort. They employ custom implementations to attack existing vulnerabilities and then deploy a Powershell payload in the final stages to distribute the malware. Sidewinder was also detected employing credential phishing sites that were copied from their victims’ webmail login pages.

Impact

  • Information Theft and Espionage

Indicators of Compromise

MD5

  • 267870d2a7deec193cf6c2b6926f0451
  • 17ccf24c4e09b1bc7ce5c0eb637a4edd
  • 3de1efa51c4670610380ebf87725e5b8
  • 3df009405c2226fa5047de4caff3b927
  • 9b0a33d41dda234676ba9efe379953f3
  • 0e9a872844e912b057ebec6af011a2e7
  • 7651ed2c924d612686b4b5e6b4da0b96
  • 5aa544b5c1432710b80aa315beef5b7d
  • 32ee8258cc83415d87942edbc250acea
  • d1a7c83958cb714319fbf01f96a89504
  • 91e4d29fd1c4ee00636040c76efe166d

SHA-256

  • 4bad3e34a192a8f305e188538b4370ea835446cc6ba32fe046d9a5f2bc3df172
  • 94f24a4b26e3952c42d626fd8cb3c7e627485de5ed6a5338664d4689ef083da2
  • d3bf492b656ca32223e5eea46a0122a45b967f38bf7af3eea2fa6259e9d5a46f
  • 23882c9f2c1509b4cea69e3943d412ef2bbe0bbb129ffacd84414e393c997725
  • 91de46ab252776eb820fc789d06150a798d00b4ae3dc207dfe79fce50321cb4c
  • 8fe195b1f4e3e3286310917eb40f7c90f22b0b9ca547e46c810360695ce33c72
  • c17cbe229e743df8993b96f2887393b2565ae355f3ba61d09c901e552e7ee4d1
  • 08640338e290bc92467c94559633f427bf1d2b097bb047858e53c356fb07cbf8
  • e089dc65af44ff334304e52c29755c96460691d93cfd4e4ab75f75bc6078993e
  • 42b828e187e4b7f1ca5d774553c8b85c1fed204a2a5a8c50fd4c7e9a491fb118
  • f977d8d01e86945e9d7b41ea5861982a0b51b4c33dfe680a1fe5deaf7433d78d

SHA-1

  • db371be98f6ebdbd59ebb8d4c5d30c50babd142b
  • c6effe7fcd87f643aebc427e127dd7b00865eafd
  • c57729654d17e8d8eb3ba85a3ebd1886eacac661
  • 7f201bc04520896e016a3e2c5af37daeefda26ab
  • c185d7faca0bd655ddb02001ea8641f00a1823c0
  • 69e47f45096e0ff189048d0fc7095b45501da020
  • 15c3ae2cbfb2afb36b410c035d4c7016cd9e99fe
  • 792d20c8cc99ab8e1cf4d4bcba22131b2b76905d
  • c7de4866479416086e0cff5c3865967830e56703
  • cc44b063db58f433ae4c366861003c3435a2b7e8
  • 966b547306ac80dca0885ac9f0485fad152c7f7d

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.