
Rewterz Threat Alert – APT Group SideWinder

January 8, 2020

Severity

High

Analysis Summary

SideWinder is a threat group that has existed since 2012 and is widely known for targeting the Windows machines of military entities in different regions. Recently, Trend Micro discovered three malicious apps that worked in correlation to target a victim's device and collect the user's information. One of the three apps, called Camero, exploits a vulnerability in Binder, the main inter-process communication system in Android; this was documented as the first known active attack in the wild that uses this use-after-free vulnerability. The three apps were disguised as photography and file manager tools. SideWinder installs the payload app in two stages: first, it downloads a DEX (Android Dalvik executable) file from its command and control server.

Impact

Exposure of sensitive information

Indicators of Compromise

SHA-256


Remediation

  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
  • Only install applications from the Play Store, and only from verified accounts.