216.73.216.204

Observed activity associated with Sidewinder APT. Lure document: No.9374.docx, 64f2681ad0940e6c2c9c76e6834117bf. Observed C2 infrastructure: update[.]ms-office[.]app

· Published 24/06/2026 05:26

Export JSON

Essential information

Published
24/06/2026 05:26
Modified
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
apt c2 infrastructure command and control malicious document phishing sidewinder social engineering
Related entities
1 intrusion sets (apt), 10 techniques (mitre)

Description

Recent activity has been detected linked to the Sidewinder advanced persistent threat group. The campaign utilizes a named No.9374.docx with the hash value 64f2681ad0940e6c2c9c76e6834117bf as a lure mechanism. The infrastructure supporting operations includes the domain update[.]ms-office[.]app. This observation indicates ongoing operations by Sidewinder, a threat actor known for targeting specific regions and sectors. The use of weaponized documents and deceptive domains mimicking legitimate Microsoft services demonstrates continued sophisticated tactics employed by this group.

External references