Rewterz Threat Advisory – Multiple SAP Vulnerabilties
February 9, 2022Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
February 9, 2022Rewterz Threat Advisory – Multiple SAP Vulnerabilties
February 9, 2022Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
February 9, 2022Severity
High
Analysis Summary
Sidewinder is a suspected Indian threat actor group that has been active since 2012. They have observed attacking political, military, and corporate organizations throughout Asia, with Pakistan, China, Nepal, and Afghanistan being the most common targets. RAZOR TIGER, Rattlesnake, APT-C-17, and T-APT-04 are some of the other names for Sidewinder APT. It has been detected targeting Pakistani government officials with a decoy file related to COVID-19 in its most recent effort. They employ custom implementations to attack existing vulnerabilities and then deploy a Powershell payload in the final stages to distribute the malware. Sidewinder was also detected employing credential phishing sites that were copied from their victims’ webmail login pages.
Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- Briefing on Ongoing Projects[.]docx
- payload_1[.]bin
MD5
- 466fb005506e1dc15118a6768b2c7e5a
- 021067f645525cb5caecf04670a63485
SHA-256
- eeeb99f94029fd366dcde7da2a75a849833c5f5932d8f1412a89ca15b9e9ebb7
- c2809dcc935ed3c7923f1da67d1c5dddc4ece2353a4c0eab8c511a14fa7e04c1
SHA-1
- 34fdaf8593013d0f4569439f7891017703f0c294
- d5bb4d8ef1ec8fdd78f58029c28c580f9a3fcbf8
URL
- https[:]//dgmp-paknavy[.]mod-pk[.]com/14325/1/10/2/0/0/0/m/files-5291bef6/file[.]rtf
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.