IOC Radar
TLP:WHITE · 145 IOCs

Beyond the Surface: the evolution and expansion of the SideWinder APT group

Source: Botvrij.eu OSINT Feed
Published October 20, 2024

Diamond Model

Adversary: unknown
Infrastructure (6): dirctt88.co, aliyum.tech, kernet.info (three of the six shown)
Capability: unknown
Victim: unknown

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

145 indicators

| Type | Indicator | Tags | Confidence | Score | First Seen |
|------|-----------|------|------------|-------|------------|
| Domain | dirctt88.co | indicator, network | High | 68 | Jun 2, 26 |
| Domain | aliyum.tech | loader, malware, network | High | 68 | Jun 2, 26 |
| MD5 | c3ce4094b3411060928143f63701aa2e | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | kernet.info | indicator, network | High | 68 | Jun 2, 26 |
| Domain | asyn.info | indicator, network | High | 68 | Jun 2, 26 |
| Domain | u1x.co | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 101a63ecdd8c68434c665bf2b1d3ffc7 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| MD5 | d0d1fba6bb7be933889ace0d6955a1d7 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | moittpk.org | indicator, network | High | 68 | Jun 2, 26 |
| Domain | tsinghua-edu.tech | indicator, network | High | 68 | Jun 2, 26 |
| Domain | tex-ideas.info | indicator, network | High | 68 | Jun 2, 26 |
| Domain | pmd-office.org | indicator, network | High | 68 | Jun 2, 26 |
| Domain | tazze.co | indicator, network | High | 68 | Jun 2, 26 |
| Domain | colot.info | indicator, network | High | 68 | Jun 2, 26 |
| Domain | dafpak.org | indicator, network | High | 68 | Jun 2, 26 |
| Domain | ntcpak.org | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 2f4ba98dcd45e59fca488f436ab13501 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | directt888.com | indicator, network | High | 68 | Jun 2, 26 |
| Domain | newoutlook.live | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 5718c0d69939284ce4f6e0ce580958df | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| MD5 | 1be93704870afd0b22a4475014f199c3 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | detru.info | indicator, network | High | 68 | Jun 2, 26 |
| Domain | update-govpk.co | indicator, network | High | 68 | Jun 2, 26 |
| Domain | nventic.info | indicator, network | High | 68 | Jun 2, 26 |
| Domain | scrabt.tech | indicator, network | High | 68 | Jun 2, 26 |
| Domain | numzy.net | indicator, network | High | 68 | Jun 2, 26 |
| Domain | decoty.tech | indicator, network | High | 68 | Jun 2, 26 |
| Domain | kretic.info | indicator, network | High | 68 | Jun 2, 26 |
| Domain | bol-south.org | indicator, network | High | 68 | Jun 2, 26 |
| Domain | mfagov.org | indicator, network | High | 68 | Jun 2, 26 |
| Domain | widge.info | indicator, network | High | 68 | Jun 2, 26 |
| Domain | dirctt88.net | indicator, network | High | 68 | Jun 2, 26 |
| Domain | defenec.net | indicator, network | High | 68 | Jun 2, 26 |
| Domain | govpk.info | indicator, network | High | 68 | Jun 2, 26 |
| Domain | cnsa-gov.org | indicator, network | High | 68 | Jun 2, 26 |
| Domain | nactagovpk.org | indicator, network | High | 68 | Jun 2, 26 |
| Domain | ujsen.net | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 4a5e818178f9b2dc48839a5dbe0e3cc1 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | condet.org | indicator, network | High | 68 | Jun 2, 26 |
| Domain | ntcpak.live | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 2011658436a7b04935c06f59a5db7161 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | paknavy-gov.org | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | b69867ee5b9581687cef96e873b775ff | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | shipping-policy.info | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | d885df399fc9f6c80e2df0c290414c2f | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | dgps-govpk.co | indicator, network | High | 68 | Jun 2, 26 |
| Domain | ntcpk.net | indicator, network | High | 68 | Jun 2, 26 |
| Domain | numpy.info | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 423e150d91edc568546f0d2f064a8bf1 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | download-file.net | indicator, network | High | 68 | Jun 2, 26 |
| Domain | mfa-govt.net | indicator, network | High | 68 | Jun 2, 26 |
| Domain | mod-gov-pk.live | indicator, network | High | 68 | Jun 2, 26 |
| Domain | office-drive.live | indicator, network | High | 68 | Jun 2, 26 |
| Domain | dytt88.org | indicator, network | High | 68 | Jun 2, 26 |
| Domain | sjfu-edu.co | indicator, network | High | 68 | Jun 2, 26 |
| Domain | ausibedu.org | indicator, network | High | 68 | Jun 2, 26 |
| Domain | ntcpk.info | indicator, network | High | 68 | Jun 2, 26 |
| Domain | pafgovt.com | indicator, network | High | 68 | Jun 2, 26 |
| Domain | pmd-office.com | indicator, network | High | 68 | Jun 2, 26 |
| Domain | direct888.net | indicator, network | High | 68 | Jun 2, 26 |
| Domain | nopler.live | indicator, network | High | 68 | Jun 2, 26 |
| Domain | updtesession.online | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | bf16760ee49742225fdb2a73c1bd83c7 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | dgps-govpk.com | indicator, network | High | 68 | Jun 2, 26 |
| Domain | paknavy-govpk.net | indicator, network | High | 68 | Jun 2, 26 |
| Domain | pdfrdr-update.info | indicator, network | High | 68 | Jun 2, 26 |
| Domain | fia-gov.net | indicator, network | High | 68 | Jun 2, 26 |
| Domain | grouit.tech | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | b3650a88a50108873fc45ad3c249671a | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | donwload-file.com | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 26aa30505d8358ebeb5ee15aecb1cbb0 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | dynat.tech | indicator, network | High | 68 | Jun 2, 26 |
| Domain | aliyumm.tech | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 3ede84d84c02aa7483eb734776a20dea | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | fia-gov.com | indicator, network | High | 68 | Jun 2, 26 |
| Domain | jmicc.xyz | indicator, network | High | 68 | Jun 2, 26 |
| Domain | healththebest.com | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 54aadadcf77dec53b2566fe61b034384 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | gtrec.info | indicator, network | High | 68 | Jun 2, 26 |
| Domain | lforvk.com | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | f840c721e533c05d152d2bc7bf1bc165 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| MD5 | 92dd91a5e3dfb6260e13c8033b729e03 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| MD5 | 0fbb71525d65f0196a9bfbffea285b18 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| MD5 | c87eb71ff038df7b517644fa5c097eac | apt, espionage, file-hash | High | 68 | Jun 2, 26 |
| MD5 | 8d7c43913eba26f96cd656966c1e26d5 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | pdfrdr-update.com | indicator, network | High | 68 | Jun 2, 26 |
| Domain | alit.live | loader, malware, network | High | 68 | Jun 2, 26 |
| Domain | 163inc.com | loader, malware, network | High | 68 | Jun 2, 26 |
| Domain | mfa-gov.net | indicator, network | High | 68 | Jun 2, 26 |
| Domain | mshealthcheck.live | indicator, network | High | 68 | Jun 2, 26 |
| Domain | mofagovs.org | indicator, network | High | 68 | Jun 2, 26 |
| Domain | govpk.net | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 5cc784afb69c153ab325266e8a7afaf4 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| MD5 | 86eeb037f5669bff655de1e08199a554 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | gov-govpk.info | indicator, network | High | 68 | Jun 2, 26 |
| Domain | pmd-office.live | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 8e8b61e5fb6f6792f2bee0ec947f1989 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | comptes.tech | indicator, network | High | 68 | Jun 2, 26 |
| Domain | direct88.co | indicator, network | High | 68 | Jun 2, 26 |
| Domain | tni-mil.com | indicator, network | High | 68 | Jun 2, 26 |
| Domain | navy-mil.co | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 47f51c7f31ab4a0d91a0f4c07b2f99d7 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | e1x.tech | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | f3058ac120a2ae7807f36899e27784ea | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| MD5 | 515d2d6f91ba4b76847301855dfc0e83 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| MD5 | 412b6ac53aeadb08449e41dccffb1abe | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| MD5 | 3a6916192106ae3ac7e55bd357bc5eee | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| MD5 | 4c40fcb2a12f171533fc070464db96d1 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| MD5 | 8f83d19c2efc062e8983bce83062c9b6 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | e1ix.mov | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 1ed7ad166567c46f71dc703e55d31c7a | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | newmofa.com | indicator, network | High | 68 | Jun 2, 26 |
| Domain | conft.live | indicator, network | High | 68 | Jun 2, 26 |
| Domain | 126-com.live | loader, malware, network | High | 68 | Jun 2, 26 |
| Domain | defpak.org | indicator, network | High | 68 | Jun 2, 26 |
| Domain | mfas.pro | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 1c36177ac4423129e301c5a40247f180 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | mfa-gov.info | indicator, network | High | 68 | Jun 2, 26 |
| Domain | mofa.email | indicator, network | High | 68 | Jun 2, 26 |
| Domain | afmat.tech | loader, malware, network | High | 68 | Jun 2, 26 |
| MD5 | e1bdfa55227d37a71cdc248dc9512296 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| MD5 | 6cf6d55a3968e2176db2bba2134bbe94 | apt, espionage, file-hash | High | 68 | Jun 2, 26 |
| Domain | dinfed.co | indicator, network | High | 68 | Jun 2, 26 |
| Domain | paknavy-govpk.info | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 2f0e150e3d6dbb1624c727d1a641e754 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| MD5 | 3a036a1846bfeceb615101b10c7c910e | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | tumet.info | indicator, network | High | 68 | Jun 2, 26 |
| Domain | moittpk.net | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 7e97cbf25eef7fc79828c033049822af | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| MD5 | ea4b3f023bac3ad1a982cace9a6eafc3 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | mitlec.site | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 44dbdd87b60c20b22d2a7926ad2d7bea | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | ptcl-net.com | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 873079cd3e635adb609c38af71bad702 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | mfacom.org | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 8202209354ece5c53648c52bdbd064f0 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | downld.net | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | eef9c0a9e364b4516a83a92592ffc831 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | support-update.info | indicator, network | High | 68 | Jun 2, 26 |
| Domain | dowmload.net | indicator, network | High | 68 | Jun 2, 26 |
| Domain | donwloaded.com | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | 3233db78e37302b47436b550a21cdaf9 | file-hash, loader, malware | High | 68 | Jun 2, 26 |
| Domain | downloadabledocx.com | indicator, network | High | 68 | Jun 2, 26 |
| Domain | donwloaded.net | indicator, network | High | 68 | Jun 2, 26 |
| MD5 | e706fc65f433e54538a3dbb1c359d75f | file-hash, loader, malware | High | 68 | Jun 2, 26 |
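The table above is only useful once it is matched against telemetry, and two details decide whether that matching is sound: domain IOCs must be compared by DNS label suffix (so a host under govpk.info hits, but a lookalike that merely contains the string does not), and MD5 IOCs must be normalized and validated before lookup (the feed publishes MD5 only, which identifies the specific samples the report analysed and nothing recompiled since). The script below is an added example, not part of the IOC Radar page or the Botvrij.eu feed. It takes a verbatim subset of the indicators listed above and runs them over a constructed DNS query log and a constructed file inventory; the log line format (timestamp, client, qname, qtype), the client addresses, the file paths and the placeholder digest are all assumptions made for the example.

```python
# Added example (not part of the IOC Radar page or the Botvrij.eu feed):
# match a subset of the domain and MD5 indicators from the table above
# against constructed DNS query log lines and a constructed file inventory.
import re

# Subset of the Domain IOCs listed above (verbatim).
DOMAIN_IOCS = {
    "dirctt88.co", "aliyum.tech", "kernet.info", "govpk.info",
    "mfa-gov.net", "paknavy-govpk.net", "donwload-file.com",
    "pdfrdr-update.info", "mod-gov-pk.live",
}

# Subset of the MD5 IOCs listed above (verbatim).
MD5_IOCS = {
    "c3ce4094b3411060928143f63701aa2e",
    "101a63ecdd8c68434c665bf2b1d3ffc7",
    "c87eb71ff038df7b517644fa5c097eac",
}

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def normalize_domain(name):
    """Lowercase and drop the trailing dot that resolver logs often emit."""
    return name.strip().lower().rstrip(".")


def domain_matches(qname, iocs=DOMAIN_IOCS):
    """Return the IOC domain that qname is, or is a subdomain of, else None.

    Suffix matching on DNS labels: cdn.govpk.info hits govpk.info, but
    notgovpk.info (substring only) and paknavy-govpk.net.cdn.example.org
    (IOC as an inner label, not a suffix) do not. Plain substring matching
    would flag both.
    """
    labels = normalize_domain(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def is_md5(digest):
    """True if digest is exactly 32 hex characters (case-insensitive)."""
    return MD5_RE.match(digest.strip().lower()) is not None


def hash_matches(digest, iocs=MD5_IOCS):
    """Return the normalized digest if it is a listed MD5 IOC, else None.

    Raises ValueError on anything that is not an MD5 so that a SHA-1 or
    SHA-256 column fed in by mistake fails loudly instead of never matching.
    """
    if not is_md5(digest):
        raise ValueError(f"not an MD5 digest: {digest!r}")
    d = digest.strip().lower()
    return d if d in iocs else None


# Constructed DNS query log; hypothetical format: timestamp client qname qtype.
DNS_LOG = """\
2026-06-02T10:15:01Z 10.0.0.5 cdn.govpk.info. A
2026-06-02T10:15:02Z 10.0.0.5 www.example.com. A
2026-06-02T10:15:03Z 10.0.0.9 notgovpk.info. A
2026-06-02T10:15:04Z 10.0.0.9 MFA-GOV.NET. TXT
2026-06-02T10:15:05Z 10.0.0.12 paknavy-govpk.net.cdn.example.org. A
"""


def scan_dns_log(log_text, iocs=DOMAIN_IOCS):
    """Return one hit dict per log line whose qname matches a domain IOC."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed line
        ts, client, qname, qtype = parts[:4]
        ioc = domain_matches(qname, iocs)
        if ioc is not None:
            hits.append({"ts": ts, "client": client, "qtype": qtype,
                         "qname": normalize_domain(qname), "ioc": ioc})
    return hits


# Constructed file inventory (path, MD5); the second digest is a placeholder.
FILE_INVENTORY = [
    (r"C:\Users\analyst\Downloads\invite.docx", "C3CE4094B3411060928143F63701AA2E"),
    (r"C:\Windows\System32\notepad.exe", "00000000000000000000000000000000"),
]


def scan_inventory(inventory, iocs=MD5_IOCS):
    """Return (path, normalized digest) pairs whose MD5 is a listed IOC."""
    hits = []
    for path, digest in inventory:
        ioc = hash_matches(digest, iocs)
        if ioc is not None:
            hits.append((path, ioc))
    return hits


if __name__ == "__main__":
    for hit in scan_dns_log(DNS_LOG):
        print("DNS hit:", hit)
    for path, digest in scan_inventory(FILE_INVENTORY):
        print("Hash hit:", path, digest)
```

Run as-is it reports two DNS hits (the govpk.info subdomain and the upper-cased mfa-gov.net query) and one hash hit; the lookalike notgovpk.info and the query with the IOC buried as an inner label are correctly ignored. To use the full list, load all 100 domains and 45 MD5s from the table above into the two sets; keep the MD5 validation, because a hash column that is silently never matched is the most common way an IOC sweep reports a false clean.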

IOC Relationship Graph

145 total IOCs (100 Domain, 45 MD5), each linked to the report node "Beyond the Surface: the evolution and expansion of the SideWinder APT group". Interactive graph not reproduced here.