Rewterz Threat Advisory – CVE-2022-41264 – SAP BASIS Vulnerability
December 15, 2022Rewterz Threat Advisory – Multiple Apple iOS and iPadOS Vulnerability
December 15, 2022Rewterz Threat Advisory – CVE-2022-41264 – SAP BASIS Vulnerability
December 15, 2022Rewterz Threat Advisory – Multiple Apple iOS and iPadOS Vulnerability
December 15, 2022Severity
High
Analysis Summary
Sidewinder is a suspected Indian threat actor group that has been active since 2012. They have observed attacking political, military, and corporate organizations throughout Asia, with Pakistan, China, Nepal, and Afghanistan being the most common targets. RAZOR TIGER, Rattlesnake, APT-C-17, and T-APT-04 are some of the other names for Sidewinder APT. It has been detected targeting Pakistani government officials with a decoy file related to COVID-19 in its most recent effort. They employ custom implementations to attack existing vulnerabilities and then deploy a Powershell payload in the final stages to distribute the malware. Sidewinder was also detected employing credential phishing sites that were copied from their victims’ webmail login pages.
Impact
- Information Theft and Espionage
Indicators of Compromise
MD5
356f30ba570428a6d0896e3960de8b70
6d156dea0754ee1a4b9e1f755e07bda8
SHA-256
542fb0e314df639a7eef7ff077ddfd9574e70fb5ed5cbaf31c44d97f77e0c43c
21c885488414b47452c4b5c93acc96b73122c99739e79c8854fe880f41fe40f1
SHA-1
5120621ec0a2eecb692f8042d1f6789a8bb182d8
7dcb9ef2f319522a0d0b2b73379dd44f0bf80647
URL
http://paknavy-gov-pk.downld.net/14578/1/6277/2/0/0/0/m/files-75dc2b1e/file.rtf
Remediation
- Block all threat indicators at your respective controls.
- Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
- Emails from unknown senders should always be treated with caution.
- Never trust or open ” links and attachments received from unknown sources/senders.