Suspected Rattlesnake organization uses Nim backdoor to spy on intelligence from many countries in South Asia [Monday, November 20, 2023]

Report

Suspected Rattlesnake organization uses Nim backdoor to spy on intelligence from many countries in South Asia

Description :
Rattlesnake, also known as Sidewinder (QiAnXin internal tracking number APT-Q-39), is generally believed to have a South Asian background and was publicly disclosed by domestic and foreign security vendors in 2018. Its earliest attack activity can be traced back to 2012. The group's targets are generally government and military departments in China and several South Asian countries; some of its attacks also involve universities and scientific research institutions.

Published :
2023-11-20T10:56:22.467Z

Created :
2023-11-20T10:56:22.467Z

Modified :
2023-11-20T11:10:27.991Z

Tags

  • backdoor
  • sidewinder
  • rattlesnake

Indicators

URLs :
Hashes :
  • e63430d0ac9fb655d75ca7777b5a2492ada9dbfb12888b6abc3a286103b6fa8e
  • 1409f9d855c06f66fb7d7c7bf9f821b5d1631da926b07dcdb260606e09763ad3
Attacks Pattern :
  • T1170
  • T1070.004
  • T1137.001
  • T1053
  • T1566
  • T1193
  • T1102
External References :


About the author
Julien B.
