Severity
High
Analysis Summary
The SideWinder advanced persistent threat (APT) group has mounted a fresh phishing and malware campaign that uses recent territorial disputes between China, India, Nepal, and Pakistan as lures. Its goal is to gather sensitive information from targets located mainly in China. SideWinder typically targets victims in South Asia and its surroundings, and this campaign is no exception. The lure document in this case is presented as a Poly pending-orders file, listing orders with a pending status together with their payments.
Impact
- Information theft and espionage
Indicators of Compromise
Filename
- poly pending orders[.]doc
MD5
- 9016ed3c0fef18cfef81f71953e77572
SHA-256
- ff54e9228b7160f9272d67ad1423600d2cb7aa4d335412a28b11f63a517270fe
SHA1
- ce687b59c430ae24cafd3c05625d19bdef653f41
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
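As an added example (not part of the Rewterz alert), a Python sweep that implements the second remediation step over a directory tree: it refangs the published filename, hashes each file once for MD5, SHA-1 and SHA-256, and reports which indicator types matched. The sample tree in `demo()` is constructed here and contains only an empty decoy with the IoC filename, not the real sample.

```python
import hashlib, os, tempfile

# Indicators as published in the alert; the filename is kept in its defanged form.
IOC_FILENAMES = {"poly pending orders[.]doc"}
IOC_HASHES = {
    "md5": {"9016ed3c0fef18cfef81f71953e77572"},
    "sha1": {"ce687b59c430ae24cafd3c05625d19bdef653f41"},
    "sha256": {"ff54e9228b7160f9272d67ad1423600d2cb7aa4d335412a28b11f63a517270fe"},
}

def refang(name):
    """Turn a defanged indicator ('[.]') back into the literal name found on disk."""
    return name.replace("[.]", ".")

def hash_file(path):
    """MD5, SHA-1 and SHA-256 of a file in one pass, read in 1 MiB chunks."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}

def match_file(path):
    """Return the indicator types (filename, md5, sha1, sha256) this file matches."""
    hits = []
    if os.path.basename(path).lower() in {refang(n).lower() for n in IOC_FILENAMES}:
        hits.append("filename")
    hits += [algo for algo, digest in hash_file(path).items() if digest in IOC_HASHES[algo]]
    return hits

def scan_tree(root):
    """Walk root; return {path: [matched indicator types]} for every file with a hit."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                hits = match_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the whole sweep
            if hits:
                findings[path] = hits
    return findings

def demo():
    """Constructed sample tree: an empty decoy carrying only the IoC filename, plus an unrelated file."""
    root = tempfile.mkdtemp()
    decoy = os.path.join(root, refang("poly pending orders[.]doc"))
    open(decoy, "wb").close()                              # empty file: name matches, hashes do not
    open(os.path.join(root, "notes.txt"), "wb").close()    # unrelated empty file, no hit expected
    by_name = {os.path.basename(p): hits for p, hits in scan_tree(root).items()}
    return by_name, hash_file(decoy)
```

A filename-only hit, as in the demo, flags a file for review rather than confirming the sample; a hash hit on any of the three digests is the stronger signal.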