March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – GandCrab Ransomware – Active IOCs
December 16, 2022Rewterz Threat Advisory – Multiple Linux Kernel Vulnerabilities
December 16, 2022Rewterz Threat Alert – GandCrab Ransomware – Active IOCs
December 16, 2022Rewterz Threat Advisory – Multiple Linux Kernel Vulnerabilities
December 16, 2022
Severity
High
Analysis Summary
Sidewinder is a suspected Indian threat actor group that has been active since 2012. They have observed attacking political, military, and corporate organizations throughout Asia, with Pakistan, China, Nepal, and Afghanistan being the most common targets. RAZOR TIGER, Rattlesnake, APT-C-17, and T-APT-04 are some of the other names for Sidewinder APT. It has been detected targeting Pakistani government officials with a decoy file related to COVID-19 in its most recent effort. They employ custom implementations to attack existing vulnerabilities and then deploy a Powershell payload in the final stages to distribute the malware. Sidewinder was also detected employing credential phishing sites that were copied from their victims’ webmail login pages.
Impact
- Information Theft and Espionage
Indicators of Compromise
MD5
- 490aeba4e2034bb7ff45ad22ffaaae42
SHA-256
- 32e9cdcc841f51e43ad79d6d903ef80bf6f84e08394275133011547d9b3f3682
SHA-1
- 5b255583308ae74dd26db610fd49ee466a35c6d3
Remediation
- Block all threat indicators at your respective controls.
- Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
- Emails from unknown senders should always be treated with caution.
- Never trust or open ” links and attachments received from unknown sources/senders.