March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Severity Low Analysis Summary CVE-2024-26246 Microsoft Edge (Chromium-based) could allow a physical authenticated attacker to bypass security restrictions. An attacker could exploit this vulnerability to bypass […]

March 22, 2024

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]

March 22, 2024

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Severity High Analysis Summary Turla, a Russian espionage threat actor, infected and compromised many systems of an unknown non-governmental organization (NGO) in Europe by deploying a […]

March 22, 2024

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

March 10, 2022

Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities

March 10, 2022

Rewterz Threat Alert – APT SideWinder Group – Active IOCs

March 10, 2022

Severity

High

Analysis Summary

Sidewinder is a suspected Indian threat actor group that has been active since 2012. They have observed attacking political, military, and corporate organizations throughout Asia, with Pakistan, China, Nepal, and Afghanistan being the most common targets. RAZOR TIGER, Rattlesnake, APT-C-17, and T-APT-04 are some of the other names for Sidewinder APT. It has been detected targeting Pakistani government officials with a decoy file related to COVID-19 in its most recent effort. They employ custom implementations to attack existing vulnerabilities and then deploy a Powershell payload in the final stages to distribute the malware. Sidewinder was also detected employing credential phishing sites that were copied from their victims’ webmail login pages.

Staying attentive while receiving an email from an unknown sender, utilizing a reputable anti-malware solution, and avoiding clicking on suspicious links or files are some of the remediations for this APT.

Impact

Information Theft and Espionage

Indicators of Compromise

MD5

c8e1010b7ee1647b582048bfd67a9e0e
04effbbd901879abcd2834e530d5e9ad
7bcdef8e11c27e65e7016d145a24d195
6162005b9ae5d4a8070bfe5f560b0912
c19201cbd7ad2221844268c0ba694a3a
277955afbf4ca44a018961f66a603f82

SHA-256

1a9d8b16ef6132884161bd820fe24cbfc8dc9514c3b31d7eacf4de707899dd6a
f7eb8fdb6eabb2fb64314c898c621c4aedb8c167c50bd62ad799fa2c0bc306b6
5e1ac5f28b37afc3b2a1902ee7c68485b3fcc55d648ff9e5309646a77ff53882
d8aa512b03a5fc451f9b7bc181d842936798d5facf1b20a2d91d8fdd82aa28b7
f44fd723398e148f7d437d22a417fd5b4c4f835a7b5a7c1624706e942320afa4
319bd26ad751a79b1b1c474749d3d856277b712f1eca3b1a88a8605a8f2facaf

SHA-1

2a71114f70b711da6b46e2e35562e4326e09d8bc
a683f08912a3c845f0360f52a399f1774f9158c2
c15a35dfbae4789b62b88ab268c5849255837edd
b4928e4c3a8787e0461e2e78138091134c7f719a
3669f18e92eed9f4a0a8ee3df284798ff7a7a232
d3862d50c36d03bab2d6b3f78c17f2fdd0704451

Remediation

Block all threat indicators at your respective controls.
Search for IOCs in your environment.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs

Rewterz Threat Advisory – Multiple Mozilla Firefox Vulnerabilities