Observed activity associated with Sidewinder APT. Lure document: No.9374.docx, 64f2681ad0940e6c2c9c76e6834117bf. Observed C2 infrastructure: update[.]ms-office[.]app
Essential information
- Published
- 24/06/2026 05:26
- Modified
- —
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- apt c2 infrastructure command and control malicious document phishing sidewinder social engineering
- Related entities
- 1 intrusion sets (apt), 10 techniques (mitre)
Description
Recent activity has been detected linked to the Sidewinder advanced persistent threat group. The campaign utilizes a malicious document named No.9374.docx with the hash value 64f2681ad0940e6c2c9c76e6834117bf as a lure mechanism. The infrastructure supporting command and control operations includes the domain update[.]ms-office[.]app. This observation indicates ongoing operations by Sidewinder, a threat actor known for targeting specific regions and sectors. The use of weaponized documents and deceptive domains mimicking legitimate Microsoft services demonstrates continued sophisticated social engineering tactics employed by this group.