← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Analysis of SideWinder APT activity between June and November 2021
WHITE Sand-Storm 2023-02-20 Modified: 2023-03-22
169
IOCs
HIGH VOLUME
The full text of the text below:-1-2-3-4-5-6-7-9-year-old Cymru, 2.5 million euros, 1.6m euros.
h31l0old snakenew skinsidewinder aptjune andnovemberindicators ofcompromise urlsmowa
Indicators of Compromise (169)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 00f6982debf7fc28b7e70b041bc22cf7 2023-02-20
FileHash-MD5 01feae91b15c37d5d58618451c7fcf57 2023-02-20
FileHash-MD5 021861ae8dc2eeab6b2986f0af643cee 2023-02-20
FileHash-MD5 04f7ee1aa5e29d2f2d4ea6b539d20709 2023-02-20
FileHash-MD5 095030d42cefb12ee8fb1a8d2dbef4a3 2023-02-20
FileHash-MD5 0f569619d72a3a2badb3e7e69d1fc94b 2023-02-20
FileHash-MD5 1316e5145efd2a6d82dbc33410b69683 2023-02-20
FileHash-MD5 160a332b1e28971064e2f44fad14babf 2023-02-20
FileHash-MD5 17743667e4e29fec6f8b71cdabd47ec1 2023-02-20
FileHash-MD5 17d66ae8e32c586923677dc56a22ae2b 2023-02-20
FileHash-MD5 19cea8c2a22bf7d5a786983b324fc937 2023-02-20
FileHash-MD5 231e6366d5b1e7c684f63921d9097090 2023-02-20
FileHash-MD5 23417e5c65927f1e73998199b1dc6003 2023-02-20
FileHash-MD5 24a88fca7725981f3d5dbb766fb0767d 2023-02-20
FileHash-MD5 252cc1a69ba32dcc8a5841b7626cd140 2023-02-20
FileHash-MD5 3109ae02079db84abff08a4ddd5a5110 2023-02-20
FileHash-MD5 34b8817982254d9709f87db945e12afa 2023-02-20
FileHash-MD5 39bccfe10fc1e24c27509b6505bef3a7 2023-02-20
FileHash-MD5 3cfec3d66520eb77dead7ac70f06c8c2 2023-02-20
FileHash-MD5 3dd1369d5b45f50370dfbc3c60287886 2023-02-20
FileHash-MD5 4752856003c476608dc1944338506212 2023-02-20
FileHash-MD5 4af5e9611013eb5ef9d08a3cd66cb6a0 2023-02-20
FileHash-MD5 4d34329836c858ca7c7c5bf22e5c3349 2023-02-20
FileHash-MD5 4df53532bdaf69945edf1846ddbfe6c4 2023-02-20
FileHash-MD5 50f66be55e3c7d89e65e774d71426334 2023-02-20
FileHash-MD5 5983537131dbedc0779b5f50882c728a 2023-02-20
FileHash-MD5 600039efc96c796ac44c3b2863869237 2023-02-20
FileHash-MD5 618e7a815b388e68fd2ec632bc6a8b02 2023-02-20
FileHash-MD5 6213d95f58280a7931abe949e1b30e7e 2023-02-20
FileHash-MD5 663ad35d9a681ee977814d19e55d4059 2023-02-20
FileHash-MD5 6856ae442ed396ac95413e4b9539f7b7 2023-02-20
FileHash-MD5 730641108d7c95bb2934e9288ac19094 2023-02-20
FileHash-MD5 7d025c9837fe3dd3438439b7e4341b87 2023-02-20
FileHash-MD5 7eb59dc87ac4757adbc17dae7474df27 2023-02-20
FileHash-MD5 82c0928f9813872dd01fafc1b86f9950 2023-02-20
FileHash-MD5 8545959474dfa399a2f110d1b3c4bc71 2023-02-20
FileHash-MD5 86763d690fc795ad9158275ac1084bbf 2023-02-20
FileHash-MD5 86fe7c6a9216c1e3f051fc730da072ef 2023-02-20
FileHash-MD5 878c1e2cda1c850fea366814f0adb071 2023-02-20
FileHash-MD5 886ff7bbb94a2baf9cccc2181dfedf47 2023-02-20
FileHash-MD5 887f91d60d5ed4f8af7045116f51f730 2023-02-20
FileHash-MD5 88bd19251cd981aa54c0eafe112b5b69 2023-02-20
FileHash-MD5 89e8fbaf59f12c43e28131dc1cea7d4a 2023-02-20
FileHash-MD5 8a398f16286e53bd908d7ebec6016b92 2023-02-20
FileHash-MD5 8b61f3c23fbec009c0c5bf38eff2786c 2023-02-20
FileHash-MD5 8d53f04dd2bc99ff5d36ce4cd5c31950 2023-02-20
FileHash-MD5 97ff48091ed4c3e05fae84815be267d4 2023-02-20
FileHash-MD5 9d1c4a81b3fc136a8efbfa70ee67055f 2023-02-20
FileHash-MD5 9fc107dadd73d765af96dbd07b89369b 2023-02-20
FileHash-MD5 a5cb519b803c1ed6fdd148b6e330f651 2023-02-20
FileHash-MD5 a5e502c4a218999ecaefebabef636141 2023-02-20
FileHash-MD5 a79871769b2d933c327549ef4f8e29be 2023-02-20
FileHash-MD5 a9a924a997cdb24c6db34f2d02f9340f 2023-02-20
FileHash-MD5 a9fd2fdd02c5a3eeed1537160d89d306 2023-02-20
FileHash-MD5 ab1b080fbc8df54bcdeb7f852291d8e9 2023-02-20
FileHash-MD5 abb036733115cb70854fa2cb41293912 2023-02-20
FileHash-MD5 b002cead75d66ba20d0dc5daad1963bd 2023-02-20
FileHash-MD5 b364e0118e1cae8b0fbc379b44813b3e 2023-02-20
FileHash-MD5 b5f61fe7d6922abc2af122e5e5046d28 2023-02-20
FileHash-MD5 b6ef99c2eb1fd2bdf8b49ced842f1abc 2023-02-20
FileHash-MD5 b9bf6ad9cba6f6fde0f6a13ba36032e2 2023-02-20
FileHash-MD5 bbaa1265e4e7bfcec1dd13e119535f28 2023-02-20
FileHash-MD5 c5a0ff75fb5b2b2301cd6ae06a27d2a0 2023-02-20
FileHash-MD5 c60a8735c9775f83b260e3e221a65298 2023-02-20
FileHash-MD5 c76c70142285f300c14e94a24ba5ecfe 2023-02-20
FileHash-MD5 ce1503465e4ad467348ea1e87ba91b34 2023-02-20
FileHash-MD5 d0b6a32234d72f5cec8e6f76b548e64b 2023-02-20
FileHash-MD5 d2a267d6aed00dfc9921a43c5ebea75d 2023-02-20
FileHash-MD5 d4c15f0f99cba8289482dc5a247ae742 2023-02-20
FileHash-MD5 db8d2afc0430ead65bcc57247e87c2a1 2023-02-20
FileHash-MD5 dc237f843e04054ac24df52dda9f2157 2023-02-20
FileHash-MD5 e07c8d25cd01a4c2d1ece1ade57105a8 2023-02-20
FileHash-MD5 e26194c0efa09666815fc97a9759d410 2023-02-20
FileHash-MD5 e34b0d7298b4c6f8e1a2d5171a3a0339 2023-02-20
FileHash-MD5 e52af8b812d53b0b427b530aed8d7570 2023-02-20
FileHash-MD5 e80111260e79327c679fc9d9afbfd24f 2023-02-20
FileHash-MD5 ee7ae3e91069828104742b1786b1ba3f 2023-02-20
FileHash-MD5 eef67ae2d8d5094f039fc511792b75ca 2023-02-20
FileHash-MD5 f1e924918731fc255602e444b76871b9 2023-02-20
FileHash-MD5 f907472fe142a1c15e58f0d80368cea5 2023-02-20
FileHash-MD5 fb4f6ae18b71369a81950f54a9fbb0b4 2023-02-20
FileHash-MD5 fc2221f653ec081c3117d639c4503b01 2023-02-20
FileHash-MD5 fc7a50b1699a1bbc8e579565597116ce 2023-02-20
FileHash-MD5 fc8218519bc29024bd7a8f3aab5d666c 2023-02-20
FileHash-MD5 ff32c0a9f3396290009277767e76ae22 2023-02-20
FileHash-SHA1 0ea8bb9950585da9969e4da760837fa88505542a SHA1 of 00f6982debf7fc28b7e70b041bc22cf7 2023-02-20
FileHash-SHA1 0f0e18be1811c48beb4a75a7502f4ff9a36996c1 SHA1 of ff32c0a9f3396290009277767e76ae22 2023-02-20
FileHash-SHA1 0f9728572ab153f369b84ffb01304b570c26ed48 SHA1 of 4d34329836c858ca7c7c5bf22e5c3349 2023-02-20
FileHash-SHA1 27e3e40c5c2c3f68e99032da97d842fbda77fad8 SHA1 of a5cb519b803c1ed6fdd148b6e330f651 2023-02-20
FileHash-SHA1 31f7710704bd32b78557bfa03fb3b5ecb9fc1b4b SHA1 of 878c1e2cda1c850fea366814f0adb071 2023-02-20
FileHash-SHA1 5450789133e9781397e20437d9df712d8a1690f1 SHA1 of c5a0ff75fb5b2b2301cd6ae06a27d2a0 2023-02-20
FileHash-SHA1 55f27fd30916b063c05d94ae41040154570fefd3 SHA1 of f1e924918731fc255602e444b76871b9 2023-02-20
FileHash-SHA1 953cf4a476ed66cba88d39a04f0462ef760562c4 SHA1 of 8d53f04dd2bc99ff5d36ce4cd5c31950 2023-02-20
FileHash-SHA1 9f94ab3f1f1fffe7548ada786c2bd37aabacd38e SHA1 of 01feae91b15c37d5d58618451c7fcf57 2023-02-20
FileHash-SHA1 c0267450353df1a9dee7c792a4f9e1688c107e62 SHA1 of d2a267d6aed00dfc9921a43c5ebea75d 2023-02-20
FileHash-SHA1 d211a06910265ef99be11e3140e36533a05174c1 SHA1 of 97ff48091ed4c3e05fae84815be267d4 2023-02-20
FileHash-SHA1 da4bc0556e5603801777390588479bbec9e8ae78 SHA1 of d4c15f0f99cba8289482dc5a247ae742 2023-02-20
FileHash-SHA1 f707f78fe02a3bc0a01b36f23cf1b96d7c2461f7 SHA1 of 6856ae442ed396ac95413e4b9539f7b7 2023-02-20
FileHash-SHA1 f72d2f06ee7aeaa9180e9ba3132192332dcc1bf8 SHA1 of 04f7ee1aa5e29d2f2d4ea6b539d20709 2023-02-20
FileHash-SHA256 085b579176f3321a36788a74ca7a37f1488c76cf58278722e1ee2e8b6e1a4a19 SHA256 of f1e924918731fc255602e444b76871b9 2023-02-20
FileHash-SHA256 13ff13f72cc2e748af334b000cbb5f1f6e3f8debe7b01c197d1a43a837373e93 SHA256 of 8d53f04dd2bc99ff5d36ce4cd5c31950 2023-02-20
FileHash-SHA256 2bbe58d484a2b22974b29f2a7de35ce787105d55f53bf41a2e9d75ac908854ea SHA256 of d4c15f0f99cba8289482dc5a247ae742 2023-02-20
FileHash-SHA256 2e844ab5eca01c6949c7d041cae3ff55331e06bdbb7427f4954088d1457d5032 SHA256 of 01feae91b15c37d5d58618451c7fcf57 2023-02-20
FileHash-SHA256 3bbae53fc00449166fd9255b3f3192deba0b81b41b6e173d454c398a857b5094 SHA256 of 6856ae442ed396ac95413e4b9539f7b7 2023-02-20
FileHash-SHA256 5d16dd6eb42154dba8c2535712ee87a97010ec50a1ddb44ba4a29dc8dea2e59c SHA256 of 878c1e2cda1c850fea366814f0adb071 2023-02-20
FileHash-SHA256 6c53faf0ab7d8eb5a17e526e77f113e467bd1ba0c269f05e53248eb9b82c9413 SHA256 of 4d34329836c858ca7c7c5bf22e5c3349 2023-02-20
FileHash-SHA256 8cb4ed2d3f3f466f2417b95856ac0eb268a578e6bfd26c615b2a4adc0094ecd2 SHA256 of a5cb519b803c1ed6fdd148b6e330f651 2023-02-20
FileHash-SHA256 8eb311a48c6bb32577dac1844372513fbc66e0093351206fb17679ebd1272135 SHA256 of ff32c0a9f3396290009277767e76ae22 2023-02-20
FileHash-SHA256 af5bd7227c2dbaf524c1e74b7a4bf088809a872c11c31c423765efebbc6b26b7 SHA256 of 97ff48091ed4c3e05fae84815be267d4 2023-02-20
FileHash-SHA256 e9d550d9a18dd0efee23eb189ba79917d39e5c33fc1dfac662248868c260f073 SHA256 of 04f7ee1aa5e29d2f2d4ea6b539d20709 2023-02-20
FileHash-SHA256 f120cb306cb9e2cc0fbfb47e6bd4fdf2a3eea0447a933bc922f33ff458b43a86 SHA256 of d2a267d6aed00dfc9921a43c5ebea75d 2023-02-20
FileHash-SHA256 f4ab529f16fd2e88c1e552fdaacacf59c40cf863dfa6356beadaf310d5ae6544 SHA256 of 00f6982debf7fc28b7e70b041bc22cf7 2023-02-20
FileHash-SHA256 f65d3d22383e5cdefadbe74771a4ec7ff67b22f7ecaab227d9632c15c5d420b4 SHA256 of c5a0ff75fb5b2b2301cd6ae06a27d2a0 2023-02-20
URL http://185.163.47.226/$/ncp/China_Nepal_Tie.pdf 2023-02-20
URL http://185.163.47.226/$/ncp/ncp.hta 2023-02-20
URL http://185.163.47.226/$/ncp/scvhost.txt 2023-02-20
URL http://185.163.47.226/$/nepal/2.pdf 2023-02-20
URL http://185.163.47.226/$/nepal/npa.hta 2023-02-20
URL http://185.163.47.226/$/nepal/scvhost.txt 2023-02-20
URL http://185.163.47.226/$/ntc/Wang_Yi_Statement_to_ 2023-02-20
URL http://185.163.47.226/$/ntc/cmfa.hta 2023-02-20
URL http://185.163.47.226/$/ntc/press.pdf 2023-02-20
URL http://185.163.47.226/$/ntc/scvhost.txt 2023-02-20
URL http://45.153.240.66/$/nea/ch.txt 2023-02-20
URL http://45.153.240.66/$/nitc/ch.txt 2023-02-20
URL http://45.153.240.66/$/npol/scvhost.txt 2023-02-20
URL http://45.153.240.66/$/ntc/ch.txt 2023-02-20
URL http://45.153.240.66/$/opmcm/OPMCM.pdf 2023-02-20
URL http://45.153.240.66/$/opmcm/ch.txt 2023-02-20
URL http://45.153.240.66/$/scvhost.txt 2023-02-20
URL http://45.153.240.66/@/MOWA/4.txt 2023-02-20
URL http://45.153.240.66/@/MOWA/server.txt 2023-02-20
URL http://linux-stable.sytes.net/armylapen.sgfssdkf 2023-02-20
URL http://mail-mohs.ddns.net/MOWA/scvhost.txt 2023-02-20
URL http://mail-mohs.ddns.net/MOWA/systemlog.txt 2023-02-20
URL http://mail.nepal.gavnp.org/$/nea/latest.hta 2023-02-20
URL http://microsoft-patches.servehttp.com/@/@/h31l0/t.txt 2023-02-20
URL http://microsoft-updates.servehttp.com/@/MOWA/tele.txt 2023-02-20
URL http://microsoft-winupdate.servehttp.com/@/MOWA/ 2023-02-20
URL http://nic-share.myftp.org/Drive/cloudstatus.txt 2023-02-20
URL http://webmail-org.servehttp.com/@/@/h31l0 2023-02-20
URL http://webmail-org.servehttp.com/@/@/h31l0/ 2023-02-20
URL http://webmail-org.servehttp.com/@/@/h31l0/d.txt 2023-02-20
domain nucleusvision.co 2023-02-20
hostname akamai.servehttp.com 2023-02-20
hostname bankofceylon.sytes.net 2023-02-20
hostname domain-lk.sytes.net 2023-02-20
hostname expolanka.serveftp.com 2023-02-20
hostname foreign-mv.sytes.net 2023-02-20
hostname lankabelltd.myftp.org 2023-02-20
hostname linux-stable.sytes.net 2023-02-20
hostname mail-mohs.ddns.net 2023-02-20
hostname mail.gavaf.org 2023-02-20
hostname mail.nepal.gavnp.org 2023-02-20
hostname microsoft-patches.servehttp.com 2023-02-20
hostname microsoft-updates.servehttp.com 2023-02-20
hostname microsoft-winupdate.servehttp.com 2023-02-20
hostname microsoft.redirectme.net 2023-02-20
hostname ncit-gov.sytes.net 2023-02-20
hostname nic-share.myftp.org 2023-02-20
hostname nucleusvision.sytes.net 2023-02-20
hostname outlook.gavaf.org 2023-02-20
hostname sltelecom.servehttp.com 2023-02-20
hostname sltmobitel.hopto.org 2023-02-20
hostname srilankanairlines.redirectme.net 2023-02-20
hostname webmail-org.servehttp.com 2023-02-20
hostname webmail.gavaf.org 2023-02-20
hostname windefupdate.sytes.net 2023-02-20
hostname windowupdate.myftp.org 2023-02-20
References (1)
↗ https://www.group-ib.com/media-center/press-releases/sidewinder-apt-report/