Severity
High
Analysis Summary
Sidewinder APT Group, which has been working in the interest of the Indian Government, has been observed targeting Pakistani Government officials in its latest campaigns with a decoy document related to COVID-19. This APT group actively targeted South Asian countries throughout 2020, and fresh IoCs are still being detected in 2021. Earlier this month, it was found targeting the Pakistan Air Force with malicious samples posing as a "PAF Calendar 2021". Other recent campaigns have targeted the Windows machines and mobile phones of Pakistani and Chinese military and government entities, often using weaponized Word documents and custom-built mobile apps for information theft and espionage.
Impact
- Information Theft
- Exfiltration of Sensitive Data
Indicators of Compromise
Domain Name
- trans-aws[.]net
- del-ivery[.]net
MD5
- ef31510acd85f11e7e01100f4180db76
- 6cc8cd5b057d4328c1a4c2388d39ad3e
- 26ecc2a15754fd2c719759d0469ca4db
- afbbb49fb5e696737349d592bee1ed79
- 40ec45954c8451de2049dcd489180494
- a6de3e67f0571ca61d434a92f675bf40
SHA-256
- 224129ba3f9782d92d3fe3deec422348ce8a2d193f8b23a247cc8a78fe66aba4
- b65f2cc9af10ee4d59660875a7bd82d3bb860c8c089f8a7d79f41394c54e5edb
- 2ff29d44358175db28972f1eb6771e759ef7ff43b32e44619bb0f029cfa1b91b
- 39ddf6d6de5aae002da4517661b117d9635d879e3d97c1b370e67e4b9e1b5499
- 3f1ff47ec9a531aef3307efe3b1ad50fa010880ea94188ea78b17715b46da46a
- 41ac69886d8329a708fb3cb6a75e31e6e55caf960bbac85944f7c6d80a712c20
SHA1
- 56b05bbc8d585a22194f396f7ee7da27e9daaa9f
- 78d0bcc19800c7eedc7cecd793a3792f85795ac9
- c3dcd6c068c9e6923a8a1731194229affd1efdbd
- 720466369caa0bb7263d8bd6d924ee211cbdee11
- 389016948319d4d78d3a0027aa5b360085033978
- d5df6fa5c8b6799cf6b8c813267c0e8823fdff1c
Remediation
- Block the threat indicators at their respective controls.
- Do not download files attached to untrusted emails.
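As an added example (not part of the Rewterz alert), the script below shows one way to act on the "block the threat indicators" step: it loads the domains and hashes published above, refangs the defanged domains, and sweeps a handful of constructed DNS, EDR and proxy log lines for exact hash matches and for domain or subdomain matches. The log lines, hostnames and client addresses are all made up for the demonstration; only the indicators come from the alert.

```python
import re

# Indicators copied verbatim from the alert above (domains are defanged as published).
DOMAINS = ["trans-aws[.]net", "del-ivery[.]net"]
MD5S = [
    "ef31510acd85f11e7e01100f4180db76", "6cc8cd5b057d4328c1a4c2388d39ad3e",
    "26ecc2a15754fd2c719759d0469ca4db", "afbbb49fb5e696737349d592bee1ed79",
    "40ec45954c8451de2049dcd489180494", "a6de3e67f0571ca61d434a92f675bf40",
]
SHA1S = [
    "56b05bbc8d585a22194f396f7ee7da27e9daaa9f", "78d0bcc19800c7eedc7cecd793a3792f85795ac9",
    "c3dcd6c068c9e6923a8a1731194229affd1efdbd", "720466369caa0bb7263d8bd6d924ee211cbdee11",
    "389016948319d4d78d3a0027aa5b360085033978", "d5df6fa5c8b6799cf6b8c813267c0e8823fdff1c",
]
SHA256S = [
    "224129ba3f9782d92d3fe3deec422348ce8a2d193f8b23a247cc8a78fe66aba4",
    "b65f2cc9af10ee4d59660875a7bd82d3bb860c8c089f8a7d79f41394c54e5edb",
    "2ff29d44358175db28972f1eb6771e759ef7ff43b32e44619bb0f029cfa1b91b",
    "39ddf6d6de5aae002da4517661b117d9635d879e3d97c1b370e67e4b9e1b5499",
    "3f1ff47ec9a531aef3307efe3b1ad50fa010880ea94188ea78b17715b46da46a",
    "41ac69886d8329a708fb3cb6a75e31e6e55caf960bbac85944f7c6d80a712c20",
]

# Longest hash form first so a SHA-256 is never reported as an embedded MD5.
HASH_RE = re.compile(r"\b([0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.IGNORECASE)
# Dotted tokens that could be hostnames (IPs also match and are simply ignored).
HOST_RE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", re.IGNORECASE)


def refang(ioc):
    """Turn a defanged indicator (trans-aws[.]net, hxxp://) back into its literal form."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")


def build_ioc_sets():
    """Normalise the published indicators into lookup sets (lower-case, refanged)."""
    return {
        "domain": {refang(d).lower() for d in DOMAINS},
        "hash": {h.lower() for h in MD5S + SHA1S + SHA256S},
    }


def matching_domain(host, domains):
    """Return the listed domain that `host` equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for d in domains:
        if host == d or host.endswith("." + d):
            return d
    return None


def scan_line(line, iocs):
    """Return every indicator hit found in one log line."""
    hits = []
    text = refang(line)  # analysts sometimes paste defanged text into logs/tickets
    for m in HASH_RE.finditer(text):
        h = m.group(1).lower()
        if h in iocs["hash"]:
            hits.append({"type": "hash", "ioc": h, "observed": m.group(1)})
    for m in HOST_RE.finditer(text):
        d = matching_domain(m.group(1), iocs["domain"])
        if d:
            hits.append({"type": "domain", "ioc": d, "observed": m.group(1)})
    return hits


def scan_lines(lines, iocs):
    """Scan a sequence of log lines; each hit is tagged with its 1-based line number."""
    results = []
    for n, line in enumerate(lines, 1):
        for hit in scan_line(line, iocs):
            results.append({"line": n, **hit})
    return results


# Constructed sample log lines (hostnames, addresses and paths are invented for this example).
SAMPLE_LOGS = [
    "2021-01-28T09:14:03Z dns client=10.0.8.21 query=update.trans-aws.net type=A",
    "2021-01-28T09:14:05Z dns client=10.0.8.21 query=cdn.example.com type=A",
    r"2021-01-28T09:15:10Z edr host=WS-0142 event=process_create image=C:\Users\x\AppData\Local\Temp\calendar.exe "
    "sha256=224129ba3f9782d92d3fe3deec422348ce8a2d193f8b23a247cc8a78fe66aba4",
    "2021-01-28T09:15:12Z edr host=WS-0142 event=file_write md5=EF31510ACD85F11E7E01100F4180DB76",
    "2021-01-28T09:16:00Z proxy client=10.0.8.21 url=https://del-ivery.net/docs/update.doc status=200",
]

if __name__ == "__main__":
    for hit in scan_lines(SAMPLE_LOGS, build_ioc_sets()):
        print(f"line {hit['line']}: {hit['type']} match {hit['observed']} -> {hit['ioc']}")
```

Two design choices are worth noting for anyone adapting this to real telemetry: domains are matched by suffix so that any subdomain of a listed C2 domain is caught, not only the bare apex, and hashes are compared after lower-casing because EDR products differ in the case they emit. Hash matching is exact by nature, so it only catches the published samples; the domain rule is the more durable of the two.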