Date: 05/06/2025
Severity: High
Summary
SideWinder APT, active since at least 2012 and likely based in India, targets government, military, and financial institutions in South Asia and the Middle East. The group uses spear-phishing, social engineering, and zero-day exploits to gain initial access, then deploys custom malware and backdoors to maintain persistence and exfiltrate sensitive data. Its TTPs support long-term espionage campaigns, often aligned with geopolitical objectives.
Indicators of Compromise (IOC) List
Domains / URLs:
  advisory.army-govbd.info
Hashes:
  MD5:    b0f2f200a69db71947578fca51d4ff94
  SHA1:   e4bba61544f83d14f4fabf52971d5f0fa15c5935
  SHA256: 57b9744b30903c7741e9966882815e1467be1115cbd6798ad4bfb3d334d3523d
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Domains / URLs:
  domainname like "advisory.army-govbd.info" or url like "advisory.army-govbd.info" or siteurl like "advisory.army-govbd.info"
Hash 1 (MD5):
  md5hash IN ("b0f2f200a69db71947578fca51d4ff94")
Hash 2 (SHA1):
  sha1hash IN ("e4bba61544f83d14f4fabf52971d5f0fa15c5935")
Hash 3 (SHA256):
  sha256hash IN ("57b9744b30903c7741e9966882815e1467be1115cbd6798ad4bfb3d334d3523d")
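The same IOC matching, written out as an added example that is not part of this advisory and not Gurucul's own TDIR code: it loads the domain and the three hashes listed above and runs them over a handful of constructed DNS, proxy and EDR log lines in key=value form. The field names (query, url, siteurl, domainname, md5hash, sha1hash, sha256hash, hash) and the log format are assumptions for the example; adapt them to your own telemetry. The example goes slightly beyond the queries above by normalising case, extracting the hostname from full URLs, matching subdomains of the IOC domain, and rejecting look-alike hosts that merely start with it.

```python
"""Added example: match the SideWinder IOCs above against sample log records.

Not part of the original advisory and not Gurucul TDIR code. Log format and
field names are assumptions chosen for the example.
"""
import re
from urllib.parse import urlparse

# IOCs taken verbatim from the advisory.
IOC_DOMAINS = {"advisory.army-govbd.info"}
IOC_HASHES = {
    "md5": {"b0f2f200a69db71947578fca51d4ff94"},
    "sha1": {"e4bba61544f83d14f4fabf52971d5f0fa15c5935"},
    "sha256": {"57b9744b30903c7741e9966882815e1467be1115cbd6798ad4bfb3d334d3523d"},
}
# Hex digest length tells us which hash family a value belongs to.
_HEX_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256"}

# Assumed field names; the first group may hold bare hosts or full URLs.
HOST_FIELDS = ("domainname", "url", "siteurl", "query")
HASH_FIELDS = ("md5hash", "sha1hash", "sha256hash", "hash")

# Constructed sample log lines (key=value, quoted values allowed).
SAMPLE_LOGS = [
    'ts=2025-05-06T09:12:01Z src=10.0.0.21 query=advisory.army-govbd.info qtype=A',
    'ts=2025-05-06T09:12:03Z src=10.0.0.21 url="https://advisory.army-govbd.info/update/doc.pdf" status=200',
    'ts=2025-05-06T09:12:05Z src=10.0.0.21 url="https://advisory.army-govbd.info.example.net/" status=200',
    'ts=2025-05-06T09:13:10Z host=WS-21 sha256hash=57B9744B30903C7741E9966882815E1467BE1115CBD6798AD4BFB3D334D3523D',
    'ts=2025-05-06T09:13:11Z host=WS-21 md5hash=d41d8cd98f00b204e9800998ecf8427e',
    'ts=2025-05-06T09:14:00Z src=10.0.0.22 query=cdn.advisory.army-govbd.info qtype=A',
]

_KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Split a key=value log line into a dict; quotes around values are dropped."""
    return {k: v.strip('"') for k, v in _KV_RE.findall(line)}


def normalize_host(value):
    """Return the lowercase hostname from a bare host or a URL, or None."""
    value = value.strip().lower()
    # urlparse only extracts a hostname when a netloc is present, so make a
    # bare "host[:port]/path" look scheme-relative before parsing it.
    target = value if ("://" in value or value.startswith("//")) else "//" + value
    try:
        host = urlparse(target).hostname
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    return host.rstrip(".") if host else None


def domain_hit(value):
    """Return the matching IOC domain for an exact or subdomain match, else None."""
    host = normalize_host(value)
    if not host:
        return None
    for d in IOC_DOMAINS:
        # endswith("." + d) rejects look-alikes such as advisory.army-govbd.info.example.net
        if host == d or host.endswith("." + d):
            return d
    return None


def hash_hit(value):
    """Return (algo, digest) if the value is a listed hash (any case), else None."""
    h = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", h):
        return None
    algo = _HEX_LEN_TO_ALGO.get(len(h))
    if algo and h in IOC_HASHES[algo]:
        return algo, h
    return None


def scan(lines):
    """Return [(line_no, field, ioc), ...] for every IOC match in the given log lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        rec = parse_record(line)
        for f in HOST_FIELDS:
            if f in rec and (d := domain_hit(rec[f])):
                hits.append((n, f, d))
        for f in HASH_FIELDS:
            if f in rec and (h := hash_hit(rec[f])):
                hits.append((n, f, h[1]))
    return hits


if __name__ == "__main__":
    for line_no, field, ioc in scan(SAMPLE_LOGS):
        print(f"line {line_no}: {field} matched IOC {ioc}")
```

Lines 1, 2, 4 and 6 of the sample set match; line 3 (a look-alike host that only begins with the IOC domain) and line 5 (the MD5 of an empty file) do not. One caveat on the queries above: in standard SQL, `like` with no `%` or `_` wildcards behaves as an exact comparison, so `url like "advisory.army-govbd.info"` would only match a field holding the bare domain, not a full URL. Check how your platform's query language treats `like` and what your URL fields actually contain before relying on those clauses, or match on the parsed hostname as this example does.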
Reference:
https://rewterz.com/threat-advisory/sidewinder-apt-group-aka-rattlesnake-targeting-pakistan-active-iocs-15