Severity
High
Analysis Summary
The SideWinder APT (Advanced Persistent Threat) Group is a known cyber-espionage group that has targeted various countries in the past. In a recent attack, the group targeted Pakistan with two specific documents: “Overview of Flood Situation in Pakistan” and “Guidelines for Beacon Journal: 2023 Pakistan Navy War College (PNWC)”.
The “Overview of Flood Situation in Pakistan” document appears to be a legitimate report on the flood situation in Pakistan, which was a major problem in the country a few years ago. However, the document contains malicious code that can infect the victim’s computer and allow the attackers to gain access to sensitive information.
The “Guidelines for Beacon Journal: 2023 Pakistan Navy War College (PNWC)” document appears to be a set of guidelines for a journal that covers the Pakistan Navy War College. However, this document also contains malicious code that can infect the victim’s computer and allow the attackers to gain access to sensitive information.
It is believed that the SideWinder APT Group targeted Pakistan with these documents to gather intelligence on the country’s military and political activities. The group is known for targeting government, military, and diplomatic organizations in various countries.
It is essential for organizations to remain vigilant and take measures to protect their sensitive information from cyber-attacks. It is also important to educate employees about the risks of opening suspicious documents or clicking on links in suspicious emails.
Overall, the SideWinder APT Group’s attack on Pakistan highlights the need for continued efforts to enhance cybersecurity measures and prevent cyber-espionage activities.
Recently, the threat actors were observed targeting the Pakistan Navy War College (PNWC) with files named “Overview of Flood Situation in Pakistan” and “Guidelines for Beacon Journal: 2023 Pakistan Navy War College (PNWC).”
Impact
- Information Theft and Espionage
Indicators of Compromise
Domain Name
- mofs-gov.org
- sinacn.co
- paf-govt.net
- mofagov.com
- alit.info
- bol-north.com
MD5
- a8c470bb09cccd25df1821d14c5fb868
- 02795c2873ed1a118b72d923e2ec7c28
- a92a98d9a88060a50f91f56b7fd11e81
SHA-256
- 46cc2e14b7daeadc9f7e5be5cb2004f1370620c93ac97a31cd9a7d329211fd9e
- ee2018f7b42ed56fb8b272c9662bf9ddd01f6058abd756019a857a33e54d8faf
- 023a9b64f4a97bebca72cbfa58553cf7ab3f6b80beba908447a441ef4870f284
SHA-1
- 84dd4ac6f324036985f814bb822fc87b7cf5887d
- b53cf29830cdd0b5f144ebf12b9aa0284f5ffc3a
- 238dfe88da608c60e8fbfa164704e6754f1c6233
Remediation
- Block all threat indicators at your respective controls.
- Search for Indicators of Compromise (IOCs) in your environment utilizing your respective security controls.
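As an added example (not part of the Rewterz alert), the Python below sweeps a resolver log for the listed domains and checks file bytes against the listed hashes; the DNS log line format and all sample log values are constructed assumptions, while the indicator sets are copied from the lists above.

```python
import hashlib
import re
from typing import List, Optional, Tuple

# Indicators copied from the alert above (domains and file hashes).
IOC_DOMAINS = {"mofs-gov.org", "sinacn.co", "paf-govt.net",
               "mofagov.com", "alit.info", "bol-north.com"}
IOC_HASHES = {
    "a8c470bb09cccd25df1821d14c5fb868", "02795c2873ed1a118b72d923e2ec7c28",
    "a92a98d9a88060a50f91f56b7fd11e81",
    "46cc2e14b7daeadc9f7e5be5cb2004f1370620c93ac97a31cd9a7d329211fd9e",
    "ee2018f7b42ed56fb8b272c9662bf9ddd01f6058abd756019a857a33e54d8faf",
    "023a9b64f4a97bebca72cbfa58553cf7ab3f6b80beba908447a441ef4870f284",
    "84dd4ac6f324036985f814bb822fc87b7cf5887d", "b53cf29830cdd0b5f144ebf12b9aa0284f5ffc3a",
    "238dfe88da608c60e8fbfa164704e6754f1c6233",
}
# Constructed resolver log for the demo (not from the alert); the line format is assumed.
SAMPLE_DNS_LOG = """\
2023-02-26T09:14:02Z client 10.0.0.21 query: www.example.com A
2023-02-26T09:14:07Z client 10.0.0.34 query: cdn.alit.info A
2023-02-26T09:14:09Z client 10.0.0.34 query: mofagov.com A
2023-02-26T09:14:11Z client 10.0.0.51 query: notalit.info A
"""
QUERY_RE = re.compile(r"client (\S+) query: (\S+) ")


def domain_match(qname: str) -> Optional[str]:
    """Compare whole DNS labels: subdomains of an IOC hit, while look-alikes
    such as notalit.info (which a plain substring check would flag) do not."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # never test a bare TLD on its own
        suffix = ".".join(labels[i:])
        if suffix in IOC_DOMAINS:
            return suffix
    return None


def scan_dns_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (client, queried name, matched IOC) for every hit in the log."""
    hits = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        ioc = domain_match(m.group(2)) if m else None
        if ioc:
            hits.append((m.group(1), m.group(2), ioc))
    return hits


def hash_hits(data: bytes) -> List[str]:
    """Algorithms (the three the alert lists) whose digest of data is a listed IOC."""
    return [alg for alg in ("md5", "sha1", "sha256")
            if hashlib.new(alg, data).hexdigest() in IOC_HASHES]
```

Feed `scan_dns_log` your own resolver export after adapting `QUERY_RE`, and run `hash_hits` over the bytes of any attachment under review; a non-empty result from either is a match against the alert's indicators.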