• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – CVE-2021-35244 – SolarWinds Orion Zero-Day Vulnerability
February 23, 2022
Rewterz Threat Advisory – PatchWork APT Group Targeting (NCOC) – Active IOCs
February 23, 2022

Rewterz Threat Advisory – APT SideWinder Group – Active IOCs

February 23, 2022

Severity

High

Analysis Summary

Sidewinder is a suspected Indian threat actor group that has been active since 2012. They have observed attacking political, military, and corporate organizations throughout Asia, with Pakistan, China, Nepal, and Afghanistan being the most common targets. RAZOR TIGER, Rattlesnake, APT-C-17, and T-APT-04 are some of the other names for Sidewinder APT. It has been detected targeting Pakistani government officials with a decoy file related to COVID-19 in its most recent effort. They employ custom implementations to attack existing vulnerabilities and then deploy a Powershell payload in the final stages to distribute the malware. Sidewinder was also detected employing credential phishing sites that were copied from their victims’ webmail login pages.

Image

Sidewinder Group has been actively targeting the Government of Pakistan through Higher Education Commission (HEC) has established National Center for Cyber Security (NCCS) via phishing emails dropping malicious Word documents which enables macro when downloaded and executed. The malicious file suspected of being used as an attachment has the name CRC.docx.

Impact

  • Information Theft and Espionage

Indicators of Compromise

Domain Name

  • dbms[.]crclab-bahria[.]org

Filename

  • CRC[.]docx

MD5

  • b6669899c4616b8d9f7d38c4277499cf

SHA-256

  • 94214e83441e3a6a5cde971f6abe0d4bf226fd0750a0ad26d2241c085de9b604

SHA-1

  • 2599615cf94da7dadee8c76c7745336e8f6a54ae

URL

  • https[:]//dbms[.]crclab-bahria[.]org/5397/1/1322/2/0/0/0/m/files-54cc58cd/file[.]rtf

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.