Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
June 14, 2022Rewterz Threat Alert – Mirai Botnet – Active IOCs
June 14, 2022Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
June 14, 2022Rewterz Threat Alert – Mirai Botnet – Active IOCs
June 14, 2022Severity
High
Analysis Summary
Sidewinder is a suspected Indian threat actor group that has been active since 2012. They have been observed attacking political, military, and corporate organizations throughout Asia, with Pakistan, China, Nepal, and Afghanistan being the most common targets. RAZOR TIGER, Rattlesnake, APT-C-17, and T-APT-04 are the aliases for Sidewinder APT. This APT has been targeting Pakistani government officials with a decoy file related to FOCUSED TALK ON RUSSIAN UKRAINE CONFLICT IMPACT ON PAKISTAN in its most recent effort. They employ custom implementations to attack existing vulnerabilities and then deploy a Powershell payload in the final stages to distribute the malware. Sidewinder was also detected employing credential phishing sites that were copied from their victims’ webmail login pages.
Impact
- Information Theft and Espionage
Indicators of Compromise
Domain Name
- pnwc[.]bahriafoundation[.]live
MD5
- 36e14deaed17e71b4dee52dc139914f1
SHA-256
- cf79ecafd3e1ae354fcf9cf33acdb06b6b64dc9a8128656a9d27ff94e154f9c4
SHA-1
- 349199a7a2c790b0057ba8fbadbe8730c7303f19
URL
- https[:]//pnwc[.]bahriafoundation[.]live/5610/1/4203/2/0/0/0/m/files-2fc0caf2/file[.]rtf
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.