Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs

February 24, 2023

Rewterz Threat Alert – IcedID Banking Trojan aka BokBot – Active IOCs

February 25, 2023

Rewterz Threat Alert – SideWinder APT Group Targeting in Pakistan Navy War College (PNWC) – Active IOCs

February 24, 2023

Severity

High

Analysis Summary

The SideWinder APT (Advanced Persistent Threat) Group is a known cyber-espionage group that has targeted various countries in the past. In a recent attack, the group targeted Pakistan with two specific documents: “Overview of Flood Situation in Pakistan” and “Guidelines for Beacon Journal: 2023 Pakistan Navy War College (PNWC).

The “Overview of Flood Situation in Pakistan” document appears to be a legitimate report on the flood situation in Pakistan, which was a major problem in the country a few years ago. However, the document contains malicious code that can infect the victim’s computer and allow the attackers to gain access to sensitive information.

The “Guidelines for Beacon Journal: 2023 Pakistan Navy War College (PNWC)” document appears to be a set of guidelines for a journal that covers the Pakistan Navy War College. However, this document also contains malicious code that can infect the victim’s computer and allow the attackers to gain access to sensitive information.

It is believed that the SideWinder APT Group targeted Pakistan with these documents to gather intelligence on the country’s military and political activities. The group is known for targeting government, military, and diplomatic organizations in various countries.

It is essential for organizations to remain vigilant and take measures to protect their sensitive information from cyber-attacks. It is also important to educate employees about the risks of opening suspicious documents or clicking on links in suspicious emails.

Overall, the SideWinder APT Group’s attack on Pakistan highlights the need for continued efforts to enhance cybersecurity measures and prevent cyber-espionage activities.

Recently the threat actors were observed targeting the Pakistan Navy War College (PNWC) with the file named “Overview of Flood Situation in Pakistan” and “Guidelines for Beacon Journal: 2023 Pakistan Navy War College (PNWC).”

Impact

Information Theft and Espionage

Indicators of Compromise

Domain Name

mofs-gov.org
sinacn.co
paf-govt.net
mofagov.com
alit.info
bol-north.com

MD5

a8c470bb09cccd25df1821d14c5fb868
02795c2873ed1a118b72d923e2ec7c28
a92a98d9a88060a50f91f56b7fd11e81

SHA-256

46cc2e14b7daeadc9f7e5be5cb2004f1370620c93ac97a31cd9a7d329211fd9e
ee2018f7b42ed56fb8b272c9662bf9ddd01f6058abd756019a857a33e54d8faf
023a9b64f4a97bebca72cbfa58553cf7ab3f6b80beba908447a441ef4870f284

SHA-1

84dd4ac6f324036985f814bb822fc87b7cf5887d
b53cf29830cdd0b5f144ebf12b9aa0284f5ffc3a
238dfe88da608c60e8fbfa164704e6754f1c6233

Remediation

Block all threat indicators at your respective controls.
Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs

Rewterz Threat Alert – Russian Threat Actors Target European NGO Systems with TinyTurla-NG Backdoor – Active IOCs

Rewterz Threat Advisory – CVE-2024-26246 – Microsoft Edge Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us