Rewterz Threat Advisory –Multiple IBM DataPower Gateway Vulnerabilities
August 1, 2022Rewterz Threat Alert – RedLine Stealer – Active IOCs
August 2, 2022Rewterz Threat Advisory –Multiple IBM DataPower Gateway Vulnerabilities
August 1, 2022Rewterz Threat Alert – RedLine Stealer – Active IOCs
August 2, 2022Severity
High
Analysis Summary
Sidewinder is a suspected Indian threat actor group that has been active since 2012. They have been observed attacking political, military, and corporate organizations throughout Asia, with Pakistan, China, Nepal, and Afghanistan being the most common targets. RAZOR TIGER, Rattlesnake, APT-C-17, and T-APT-04 are the aliases for Sidewinder APT. This APT has been targeting Pakistani government officials with a decoy file related to FOCUSED TALK ON RUSSIAN UKRAINE CONFLICT IMPACT ON PAKISTAN. They employ custom implementations to attack existing vulnerabilities and then deploy a Powershell payload in the final stages to distribute the malware. Sidewinder was also detected employing credential phishing sites that were copied from their victims’ webmail login pages.
Impact
- Information Theft and Espionage
Indicators of Compromise
MD5
- 54b1157ce8045f2e83340dc5d756f412
- 898f0027c555a1cfe8dfda6bd399bd70
SHA-256
- 8b4259cb1619bcbf3f6760f0982d0a1d3c67aa26738a3d6f6788bf6c2a5410e5
- dedb443ae0718d40eab597d5d442dcb936053d512500508ee9cd5a5b689436b9
SHA-1
- cc59e275491ab440577079d555fa215895845e8e
- ec06a3e221dce280573aa1af36ede677f0c603d9
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.