Observed activity associated with Sidewinder APT. Lure document: No.9374.docx, 64f2681ad0940e6c2c9c76e6834117bf. Observed C2 infrastructure: update[.]ms-office[.]app

Pulse ID: 6a3cbe4f68f14d09a3331ef4
Pulse Link: https://otx.alienvault.com/pulse/6a3cbe4f68f14d09a3331ef4
Pulse Author: Tr1sa111
Created: 2026-06-25 05:36:15

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #Office #OpenThreatExchange #Sidewinder #bot #Tr1sa111

Observed activity associated with Sidewinder APT. Lure document: No.9374.docx, 64f2681ad0940e6c2c9c76e6834117bf. Observed C2 infrastructure: update[.]ms-office[.]app

Recent activity has been detected linked to the Sidewinder advanced persistent threat group. The campaign utilizes a malicious document named No.9374.docx with the hash value 64f2681ad0940e6c2c9c76e6834117bf as a lure mechanism. The infrastructure supporting command and control operations includes the domain update[.]ms-office[.]app. This observation indicates ongoing operations by Sidewinder, a threat actor known for targeting specific regions and sectors. The use of weaponized documents and deceptive domains mimicking legitimate Microsoft services demonstrates continued sophisticated social engineering tactics employed by this group.

Pulse ID: 6a3b4e5dc7cef5136c49c364
Pulse Link: https://otx.alienvault.com/pulse/6a3b4e5dc7cef5136c49c364
Pulse Author: AlienVault
Created: 2026-06-24 03:26:21

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ICS #InfoSec #MaliciousDocument #Microsoft #Mimic #OTX #Office #OpenThreatExchange #RAT #Sidewinder #SocialEngineering #bot #AlienVault