December 1, 2022
Severity
High
Analysis Summary
Sidewinder is a suspected Indian threat actor group that has been active since 2012. It has been observed attacking political, military, and corporate organizations throughout Asia, with Pakistan, China, Nepal, and Afghanistan being the most common targets. The group is also tracked as RAZOR TIGER, Rattlesnake, APT-C-17, and T-APT-04. Sidewinder uses custom implementations to exploit known vulnerabilities and, in the final stage, deploys a PowerShell payload to deliver its malware. It has also been observed operating credential-phishing sites cloned from its victims' webmail login pages.
In the campaign covered by this alert, the group targets Pakistani government officials, and specifically the Pakistan Navy War College (PNWC), with a decoy document named "GUIDELINES FOR JOURNAL – 2023 PAKISTAN NAVY WAR COLLEGE (PNWC).docx". The listed URL, hosted on pnwc.bol-north.com, serves a file named file.rtf.
Impact
- Information Theft and Espionage
Indicators of Compromise
MD5
666b2b178ce52e30be9e69de93cc60a9
SHA-256
cd09bf437f46210521ad5c21891414f236e29aa6869906820c7c9dc2b565d8be
SHA-1
fcc2d69a02f091593bc4f0b7d4f3cb5c90b4b011
URL
https://pnwc.bol-north.com/5808/1/3686/2/0/0/0/m/files-a2e589d2/file.rtf
Remediation
- Block all threat indicators at your respective controls: the file hashes on endpoint and mail security, and the URL and its host (pnwc.bol-north.com) on the web proxy and DNS.
- Search for the IOCs in your environment, including file hashes on endpoints and file shares and the URL or host in proxy, DNS, and mail logs.
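The following script is an added example of how the IOC sweep above can be done; it is not Rewterz tooling and not part of the original alert. The hashes and URL are the ones published in this alert; the directory to scan and the sample proxy log lines are assumptions constructed for illustration. It goes slightly beyond the alert by also matching on the URL's host, so that the same server serving a different path is still caught.

```python
#!/usr/bin/env python3
"""
Sweep local files and proxy/DNS log lines for the Sidewinder IOCs in this alert.

Added example, not Rewterz tooling. IOC values are copied from the alert;
paths and log lines below are constructed assumptions.
"""
import hashlib
import os
import sys
from urllib.parse import urlparse

# IOCs from the alert (lowercase hex for case-insensitive comparison).
IOC_HASHES = {
    "666b2b178ce52e30be9e69de93cc60a9",                                  # MD5
    "fcc2d69a02f091593bc4f0b7d4f3cb5c90b4b011",                          # SHA-1
    "cd09bf437f46210521ad5c21891414f236e29aa6869906820c7c9dc2b565d8be",  # SHA-256
}
IOC_URLS = {
    "https://pnwc.bol-north.com/5808/1/3686/2/0/0/0/m/files-a2e589d2/file.rtf",
}
# Derived from the URL: matching on the host catches other paths on the same server.
IOC_HOSTS = {urlparse(u).hostname for u in IOC_URLS}


def hash_bytes(data: bytes) -> dict:
    """Return MD5, SHA-1 and SHA-256 hex digests of an in-memory byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Hash a file incrementally so large files do not have to fit in memory."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests: dict) -> list:
    """Return the (algorithm, digest) pairs whose digest is in the IOC set."""
    return [(alg, d) for alg, d in digests.items() if d.lower() in IOC_HASHES]


def scan_tree(root: str) -> list:
    """Walk a directory tree and report files whose digests match an IOC."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                matched = match_hashes(hash_file(path))
            except OSError:
                continue  # unreadable or vanished file; skip it rather than abort
            if matched:
                hits.append((path, matched))
    return hits


def find_url_hits(log_lines) -> list:
    """Return log lines that reference the IOC URL or its host (case-insensitive)."""
    hits = []
    for line in log_lines:
        lower = line.lower()
        if any(u.lower() in lower for u in IOC_URLS) or any(h in lower for h in IOC_HOSTS):
            hits.append(line)
    return hits


# Constructed sample proxy/DNS log lines (not real traffic) to exercise find_url_hits.
SAMPLE_LOG = [
    "2022-12-01T08:12:03Z 10.1.4.22 GET https://pnwc.bol-north.com/5808/1/3686/2/0/0/0/m/files-a2e589d2/file.rtf 200 text/rtf",
    "2022-12-01T08:12:05Z 10.1.4.22 GET https://www.example.com/index.html 200 text/html",
    "2022-12-01T08:13:41Z 10.1.4.90 DNS pnwc.bol-north.com A",
]

if __name__ == "__main__":
    # Assumed usage: python3 ioc_sweep.py /path/to/scan
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, matched in scan_tree(root):
        print(f"HASH MATCH {path}: {matched}")
    for line in find_url_hits(SAMPLE_LOG):
        print(f"URL/HOST MATCH {line}")
```

Hash matches are exact: a recompiled or re-packed variant of the decoy will not match any of the three digests, so treat a clean hash sweep as absence of this specific sample, not absence of the campaign. The host match is the more durable of the two checks, since the operator can change the path under pnwc.bol-north.com far more cheaply than the domain.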