SideWinder APT Group aka Rattlesnake Targeting Pakistan – Active IOCs

    Date: 05/06/2025

    Severity: High

    Summary

    SideWinder APT, active since at least 2012 and likely based in India, targets government, military, and financial institutions in South Asia and the Middle East. The group leverages spear-phishing, social engineering, and zero-day exploits for network infiltration. It uses custom malware and backdoors to maintain persistence and exfiltrate sensitive data. SideWinder’s advanced TTPs support long-term espionage efforts, often aligned with geopolitical objectives.

    Indicators of Compromise (IOC) List

    Domains / URLs:

    advisory.army-govbd.info

    Hashes:

    MD5: b0f2f200a69db71947578fca51d4ff94

    SHA-1: e4bba61544f83d14f4fabf52971d5f0fa15c5935

    SHA-256: 57b9744b30903c7741e9966882815e1467be1115cbd6798ad4bfb3d334d3523d

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Domains / URLs:

    domainname like "advisory.army-govbd.info" or url like "advisory.army-govbd.info" or siteurl like "advisory.army-govbd.info"

    Hash 1 (MD5):

    md5hash IN ("b0f2f200a69db71947578fca51d4ff94")

    Hash 2 (SHA-1):

    sha1hash IN ("e4bba61544f83d14f4fabf52971d5f0fa15c5935")

    Hash 3 (SHA-256):

    sha256hash IN ("57b9744b30903c7741e9966882815e1467be1115cbd6798ad4bfb3d334d3523d")
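    The queries above are written for the Gurucul TDIR console. For teams that need to sweep exported telemetry offline, or that want to check the same indicators without a SIEM, the following Python script is an added example (not Rewterz's or Gurucul's code) that applies the same three checks to a handful of constructed log records. Only the domain and the three hashes come from the advisory; the field names (`domainname`, `url`, `siteurl`, `md5hash`, `sha1hash`, `sha256hash`) mirror the query fields, and every record in `SAMPLE_RECORDS` is made up for illustration. The script normalises hash case, strips the trailing dot that DNS logs often carry, parses URLs so that a host beneath the indicator domain is caught, and deliberately does not fire when the domain only appears inside another site's query string.

```python
"""Offline IOC sweep for the SideWinder indicators in this advisory.

Added example, not Rewterz or Gurucul code. Log records below are
constructed; only the domain and the three hashes come from the advisory.
"""
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlparse

# Indicators taken from the advisory (the only non-constructed values here).
IOC_DOMAIN = "advisory.army-govbd.info"
IOC_HASHES = {
    "md5": "b0f2f200a69db71947578fca51d4ff94",
    "sha1": "e4bba61544f83d14f4fabf52971d5f0fa15c5935",
    "sha256": "57b9744b30903c7741e9966882815e1467be1115cbd6798ad4bfb3d334d3523d",
}


@dataclass
class Hit:
    record_id: int   # index into the record list that was swept
    field: str       # which log field matched
    indicator: str   # the IOC value that matched


def host_from(value: str) -> str:
    """Return a lowercase host name from either a bare host or a full URL."""
    value = value.strip().lower()
    if "://" in value:
        return urlparse(value).hostname or ""
    return value.rstrip(".")  # DNS logs often carry a trailing dot


def domain_matches(host: str, ioc: str = IOC_DOMAIN) -> bool:
    """True for the IOC domain itself or any host beneath it (cdn.<ioc>, ...)."""
    return host == ioc or host.endswith("." + ioc)


def hash_matches(value: str) -> str | None:
    """Return the algorithm name whose IOC equals value (case-insensitive), else None."""
    v = value.strip().lower()
    for algo, ioc in IOC_HASHES.items():
        if v == ioc:
            return algo
    return None


def sweep(records: list[dict]) -> list[Hit]:
    """Apply the domain and hash checks to every record; return all hits in order."""
    hits: list[Hit] = []
    for i, rec in enumerate(records):
        for fld in ("domainname", "url", "siteurl"):
            if fld in rec and domain_matches(host_from(rec[fld])):
                hits.append(Hit(i, fld, IOC_DOMAIN))
        for fld in ("md5hash", "sha1hash", "sha256hash"):
            if fld in rec:
                algo = hash_matches(rec[fld])
                if algo is not None:
                    hits.append(Hit(i, fld, IOC_HASHES[algo]))
    return hits


# Constructed sample telemetry (not from the advisory). Comments say what each
# record exercises.
SAMPLE_RECORDS = [
    {"domainname": "advisory.army-govbd.info.", "src": "10.0.0.12"},   # DNS log, trailing dot
    {"url": "https://ADVISORY.army-govbd.info/docs/notice.pdf"},        # proxy log, mixed case
    {"siteurl": "http://cdn.advisory.army-govbd.info/x"},               # host beneath the IOC domain
    {"url": "https://example.com/?ref=advisory.army-govbd.info"},       # domain only in query string: no hit
    {"sha256hash": "57B9744B30903C7741E9966882815E1467BE1115CBD6798AD4BFB3D334D3523D"},  # uppercase hash
    {"md5hash": "d41d8cd98f00b204e9800998ecf8427e"},                    # unrelated file, no hit
    {"sha1hash": "e4bba61544f83d14f4fabf52971d5f0fa15c5935", "host": "ws-07"},
]

if __name__ == "__main__":
    for h in sweep(SAMPLE_RECORDS):
        print(f"record {h.record_id}: {h.field} matched {h.indicator}")
```

    Matching on the parsed host rather than on a raw substring is a design choice for this example: it keeps the `?ref=` record from becoming a false positive while still catching hosts beneath the indicator domain. If your environment logs URLs without a scheme, extend `host_from` before relying on it.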

    Reference:

    https://rewterz.com/threat-advisory/sidewinder-apt-group-aka-rattlesnake-targeting-pakistan-active-iocs-15


    Tags

    Malware, SideWinder, APT, Pakistan, Financial Services, Government Services and Facilities, Defense Industrial Base, Phishing, Exploit, Spear Phishing
