Observed activity associated with Sidewinder APT. Lure document: No.9374.docx, 64f2681ad0940e6c2c9c76e6834117bf. Observed C2 infrastructure: update[.]ms-office[.]app

Recent activity has been detected that is linked to the Sidewinder advanced persistent threat group. The campaign uses a malicious document named No.9374.docx (hash 64f2681ad0940e6c2c9c76e6834117bf) as the lure. The command-and-control infrastructure observed includes the domain update[.]ms-office[.]app (shown defanged). This observation indicates ongoing operations by Sidewinder, a threat actor known for targeting specific regions and sectors. The use of weaponized documents and look-alike domains that mimic legitimate Microsoft services shows that the group continues to rely on sophisticated social engineering.

Pulse ID: 6a3b4e5dc7cef5136c49c364
Pulse Link: https://otx.alienvault.com/pulse/6a3b4e5dc7cef5136c49c364
Pulse Author: AlienVault
Created: 2026-06-24 03:26:21

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ICS #InfoSec #MaliciousDocument #Microsoft #Mimic #OTX #Office #OpenThreatExchange #RAT #Sidewinder #SocialEngineering #bot #AlienVault
