RST TI Report Digest: 03 Nov 2025
ID: b46cb2f0-91c8-5642-b0d8-37fc44aa0f68
STIX ID: report--b46cb2f0-91c8-5642-b0d8-37fc44aa0f68
Feed Name: RST Cloud Blog
**SideWinder’s Shifting Sands — Click Once for Espionage:** Trellix ARC identified a sophisticated SideWinder APT campaign targeting diplomatic institutions in South Asia using spear‑phishing that delivered ClickOnce installers (ModuleInstaller and StealerBot); the adversary used geofencing, polymorphism, DLL sideloading and timing-based evasion to limit detection, and the report includes numerous IOCs (domains, URLs, file hashes, and email addresses) for detection and response.
