Suspected Rattlesnake organization uses Nim backdoor to spy on intelligence from many countries in South Asia
WHITE AlienVault 2023-11-20 Modified: 2023-11-20
Rattlesnake, also known as Sidewinder (QiAnXin internal tracking number APT-Q-39), is generally believed to have a South Asian background. It was disclosed by domestic and foreign security vendors in 2018, and its earliest attack activity can be traced back to 2012. The group's targets are generally government and military departments in China and many South Asian countries; some of its attacks also involve universities and scientific research institutions.
Indicators of Compromise (23)