Rewterz

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

March 10, 2022
Rewterz

Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities

March 10, 2022

Rewterz Threat Alert – APT SideWinder Group – Active IOCs

Severity

High

Analysis Summary

Sidewinder is a suspected Indian threat actor group that has been active since 2012. They have observed attacking political, military, and corporate organizations throughout Asia, with Pakistan, China, Nepal, and Afghanistan being the most common targets. RAZOR TIGER, Rattlesnake, APT-C-17, and T-APT-04 are some of the other names for Sidewinder APT. It has been detected targeting Pakistani government officials with a decoy file related to COVID-19 in its most recent effort. They employ custom implementations to attack existing vulnerabilities and then deploy a Powershell payload in the final stages to distribute the malware. Sidewinder was also detected employing credential phishing sites that were copied from their victims’ webmail login pages.

Staying attentive while receiving an email from an unknown sender, utilizing a reputable anti-malware solution, and avoiding clicking on suspicious links or files are some of the remediations for this APT.

Impact

  • Information Theft and Espionage

Indicators of Compromise

MD5

  • c8e1010b7ee1647b582048bfd67a9e0e
  • 04effbbd901879abcd2834e530d5e9ad
  • 7bcdef8e11c27e65e7016d145a24d195
  • 6162005b9ae5d4a8070bfe5f560b0912
  • c19201cbd7ad2221844268c0ba694a3a
  • 277955afbf4ca44a018961f66a603f82

SHA-256

  • 1a9d8b16ef6132884161bd820fe24cbfc8dc9514c3b31d7eacf4de707899dd6a
  • f7eb8fdb6eabb2fb64314c898c621c4aedb8c167c50bd62ad799fa2c0bc306b6
  • 5e1ac5f28b37afc3b2a1902ee7c68485b3fcc55d648ff9e5309646a77ff53882
  • d8aa512b03a5fc451f9b7bc181d842936798d5facf1b20a2d91d8fdd82aa28b7
  • f44fd723398e148f7d437d22a417fd5b4c4f835a7b5a7c1624706e942320afa4
  • 319bd26ad751a79b1b1c474749d3d856277b712f1eca3b1a88a8605a8f2facaf

SHA-1

  • 2a71114f70b711da6b46e2e35562e4326e09d8bc
  • a683f08912a3c845f0360f52a399f1774f9158c2
  • c15a35dfbae4789b62b88ab268c5849255837edd
  • b4928e4c3a8787e0461e2e78138091134c7f719a
  • 3669f18e92eed9f4a0a8ee3df284798ff7a7a232
  • d3862d50c36d03bab2d6b3f78c17f2fdd0704451

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.