IOC Radar
TLP:WHITE
13 IOCs

Operation XENOFISCAL: SideCopy deploying persistent XenoRAT targeting the MoF, Afghanistan

Seqrite
Published May 29, 2026

Threat Actors

Malware Families

Diamond Model

Adversary (1): APT36
Infrastructure (4): https://abimj.edu.af/…, https://abimj.edu.af/…, http://abimj.edu.af/i…
Capability (1): AsyncRAT
Victim: unknown

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise (13)


IOC Relationship Graph

[Graph placeholder: 13 total IOCs (SHA256: 9, URL: 4); Actors: 1; Malware: 1. Node labels: REPORT "Operation XENOFISCAL: Side…", APT36, AsyncRAT.]