Rewterz Threat Advisory – Cisco SD-WAN vManage Software Cross-Site Scripting Vulnerability
November 5, 2020
Rewterz Threat Advisory – CVE-2020-15679 – Mozilla VPN session hijacking
November 6, 2020
Severity
High
Analysis Summary
Hardcore Nationalist (HN2), also known as the SideWinder APT group, which is assessed to operate in the interest of the Indian government, has been observed targeting Pakistani government officials with decoy documents themed around an NDC meeting. According to Kaspersky, SideWinder has been active since 2012. The group mainly targets Pakistani and Chinese military and government entities, compromising both Windows machines and mobile phones, typically through weaponized Word documents and custom-built mobile apps used for information theft and espionage.
Impact
Exposure of sensitive information
Indicators of Compromise
Domain Name
- kp[.]gov-pok[.]net
- theguardian-pk-protest-against-imran-khan[.]gov-pok[.]net
- google[.]gov-pok[.]net
- moma[.]gov-pok[.]net
- pgzsa-pl-defence-pk[.]gov-pok[.]net
Filename
- NDC Participants[.]docx
- main[.]file[.]rtf
MD5
- df020e81b7ca32868a8ac1f5eddd086f
- 91c96924f79fe35471bf3a910e5b50d8
SHA-256
- 2ab12f79e435abe40ad30076eb4722be724d766c8050dcd9a90fa9f17e6eff1f
- e3be9192477e43ad94b16f4c0a9775adf9019172c0c89712907a8f9a1680100c
SHA-1
- dc293a0c146321f6f02399ea626e8030f0006375
- 209edea3cc34d3b65240a5a6e8c969287efae79c
URL
- http[:]//pok[.]net/images/C7CFABDA/-1/13897/0ac61c6e/main[.]file[.]rtf
Remediation
- Block the listed indicators at your respective security controls (DNS, web proxy, email gateway and endpoint protection).
- Search for these indicators in your environment, including DNS and proxy logs, mail attachments and file hashes on endpoints.
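The two remediation steps above are a procedure rather than a single check. As an added example (not Rewterz tooling and not part of the original advisory), the script below refangs the published indicators and sweeps log lines and a directory tree for them: hostnames are matched label-wise against the domain list so that a plain substring hit such as `notgov-pok.net` is not reported, URLs are matched exactly, and files are hashed once for MD5, SHA-1 and SHA-256. The DNS/proxy log lines and the files in the demo are constructed; because the real samples are not available, the demo adds the digest of its own stand-in file to a copy of the hash list to show what a match looks like.

```python
"""Sweep DNS/proxy logs and a file tree for the indicators in this advisory.
Added example, not Rewterz tooling. Log lines and files are constructed."""
import hashlib
import os
import re
import tempfile
from typing import Dict, Iterable, List, Set

# Indicators exactly as published in the advisory above (defanged).
ADVISORY_DOMAINS = [
    "kp[.]gov-pok[.]net",
    "theguardian-pk-protest-against-imran-khan[.]gov-pok[.]net",
    "google[.]gov-pok[.]net",
    "moma[.]gov-pok[.]net",
    "pgzsa-pl-defence-pk[.]gov-pok[.]net",
]
ADVISORY_URLS = ["http[:]//pok[.]net/images/C7CFABDA/-1/13897/0ac61c6e/main[.]file[.]rtf"]
ADVISORY_HASHES: Dict[str, Set[str]] = {
    "md5": {"df020e81b7ca32868a8ac1f5eddd086f", "91c96924f79fe35471bf3a910e5b50d8"},
    "sha1": {"dc293a0c146321f6f02399ea626e8030f0006375",
             "209edea3cc34d3b65240a5a6e8c969287efae79c"},
    "sha256": {"2ab12f79e435abe40ad30076eb4722be724d766c8050dcd9a90fa9f17e6eff1f",
               "e3be9192477e43ad94b16f4c0a9775adf9019172c0c89712907a8f9a1680100c"},
}


def refang(indicator: str) -> str:
    """Undo the [.] / [:] defanging so the indicator matches real log data."""
    return indicator.replace("[.]", ".").replace("[:]", ":")


DOMAIN_IOCS = {refang(d) for d in ADVISORY_DOMAINS}
URL_IOCS = {refang(u) for u in ADVISORY_URLS}
_HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


def match_log(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Flag lines whose hostname equals, or is a subdomain of, an advisory
    domain, and lines containing an advisory URL. Label-wise matching avoids
    the false positives a plain substring search gives (e.g. 'notgov-pok.net')."""
    hits: List[Dict[str, object]] = []
    for n, line in enumerate(lines, 1):
        for url in URL_IOCS:
            if url in line:
                hits.append({"line": n, "type": "url", "ioc": url})
        for host in _HOST_RE.findall(line):
            host = host.lower()
            for ioc in DOMAIN_IOCS:
                if host == ioc or host.endswith("." + ioc):
                    hits.append({"line": n, "type": "domain", "host": host, "ioc": ioc})
                    break
    return hits


def hash_file(path: str) -> Dict[str, str]:
    """Compute MD5, SHA-1 and SHA-256 in one pass so large files are read once."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {algo: d.hexdigest() for algo, d in digests.items()}


def scan_tree(root: str, hashes: Dict[str, Set[str]] = ADVISORY_HASHES) -> List[Dict[str, str]]:
    """Walk a directory and report files whose digest is in the IOC hash set."""
    hits: List[Dict[str, str]] = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            for algo, value in hash_file(path).items():
                if value in hashes.get(algo, set()):
                    hits.append({"path": path, "algo": algo, "hash": value})
                    break
    return hits


# Constructed DNS/proxy lines for the demo (not real telemetry).
SAMPLE_LOG = [
    "2020-11-06T09:12:01Z client=10.0.4.17 query=kp.gov-pok.net type=A",
    "2020-11-06T09:12:03Z client=10.0.4.17 query=www.example.com type=A",
    "2020-11-06T09:13:10Z client=10.0.4.22 query=cdn.google.gov-pok.net type=A",
    "2020-11-06T09:14:00Z client=10.0.4.30 query=notgov-pok.net type=A",
    "2020-11-06T09:15:22Z 10.0.4.17 GET http://pok.net/images/C7CFABDA/-1/13897/0ac61c6e/main.file.rtf 200",
]


def demo_scan_tree() -> List[Dict[str, str]]:
    """Build a throwaway tree with one stand-in 'sample' and one benign file.
    The real samples are not available, so the stand-in's own digest is added
    to a copy of the IOC set to simulate a confirmed match."""
    root = tempfile.mkdtemp(prefix="ioc-demo-")
    sample = os.path.join(root, "NDC Participants.docx")
    with open(sample, "wb") as fh:
        fh.write(b"constructed stand-in for the decoy document")
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"benign file")
    hashes = {algo: set(values) for algo, values in ADVISORY_HASHES.items()}
    hashes["sha256"].add(hash_file(sample)["sha256"])
    return scan_tree(root, hashes)


if __name__ == "__main__":
    for hit in match_log(SAMPLE_LOG):
        print("LOG HIT", hit)
    for hit in demo_scan_tree():
        print("FILE HIT", hit)
```

Run against real data by feeding `match_log` an open log file and pointing `scan_tree` at a share or endpoint path; note that `scan_tree` reports the first matching algorithm per file, and that the parent domain gov-pok[.]net itself is not on the published list, so widening the match to it is a local decision.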