SideWinder APT's post-exploitation framework analysis
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
SideWinder APT group has expanded its activities, targeting high-profile entities in the Middle East and Africa. The group employs a multi-stage infection chain using spear-phishing emails with malicious attachments. A new post-exploitation toolkit called 'StealerBot' has been discovered, designed for espionage activities. The infection process involves remote template injection, RTF exploits, and malicious LNK files. SideWinder's infrastructure uses numerous domains with subdomains mimicking legitimate organizations. Targets include government, military, logistics, infrastructure, telecommunications, financial institutions, universities, and oil trading companies across multiple countries.
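The summary names remote template injection as one stage of the infection chain. In OOXML documents that technique rides on a relationship of type attachedTemplate whose TargetMode is External, so a defender can triage attachments by inspecting word/_rels/settings.xml.rels without opening the file in Word. The following is an added detection example, not code from the report or from OpenCTI; the helper names and the constructed example.invalid URL are assumptions, and the archive it builds is a minimal stand-in for a real document.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Optional

# Namespaces used by the OOXML package relationship parts.
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)


def find_remote_templates(docx_bytes: bytes) -> List[str]:
    """Return every external attachedTemplate target declared in a DOCX.

    A non-empty result means the document will try to fetch a template from
    the listed location when opened, which is the remote template injection
    pattern; a legitimate local template uses an internal target instead.
    """
    hits: List[str] = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        try:
            rels_xml = zf.read("word/_rels/settings.xml.rels")
        except KeyError:
            # No settings relationships part: nothing can be attached remotely.
            return hits
        root = ET.fromstring(rels_xml)
        for rel in root.findall(f"{{{REL_NS}}}Relationship"):
            if (
                rel.get("Type") == ATTACHED_TEMPLATE
                and rel.get("TargetMode") == "External"
            ):
                hits.append(rel.get("Target", ""))
    return hits


def build_sample_docx(template_target: Optional[str]) -> bytes:
    """Construct a minimal DOCX-shaped archive for testing (constructed sample).

    Only the parts the detector reads are populated; this is not a document
    Word would necessarily render, just enough structure to exercise the check.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(
            "[Content_Types].xml",
            "<Types xmlns='http://schemas.openxmlformats.org/package/2006/content-types'/>",
        )
        zf.writestr(
            "word/document.xml",
            "<w:document xmlns:w='http://schemas.openxmlformats.org/wordprocessingml/2006/main'/>",
        )
        if template_target is not None:
            # settings.xml references the template by relationship id ...
            zf.writestr(
                "word/settings.xml",
                "<w:settings xmlns:w='http://schemas.openxmlformats.org/wordprocessingml/2006/main' "
                "xmlns:r='http://schemas.openxmlformats.org/officeDocument/2006/relationships'>"
                "<w:attachedTemplate r:id='rId1'/></w:settings>",
            )
            # ... and the .rels part resolves that id to an external URL.
            zf.writestr(
                "word/_rels/settings.xml.rels",
                f"<Relationships xmlns='{REL_NS}'>"
                f"<Relationship Id='rId1' Type='{ATTACHED_TEMPLATE}' "
                f"Target='{template_target}' TargetMode='External'/>"
                "</Relationships>",
            )
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed placeholder URL; no real infrastructure is referenced.
    suspicious = build_sample_docx("http://example.invalid/template.dotm")
    benign = build_sample_docx(None)
    print("suspicious:", find_remote_templates(suspicious))
    print("benign:", find_remote_templates(benign))
```

Running the detector over a mail gateway's quarantined attachments and alerting on any non-empty result is a cheap first-pass filter; the same relationship check applies to .dotm and .docm files, and the target host can be fed to the infrastructure-mimicking subdomain watchlist the summary describes.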
OPENCTI LABELS:
apt,espionage,spear-phishing,infrastructure,cve-2017-11882,post-exploitation,moduleinstaller,backdoor loader module,stealerbot,rtf exploit