PULSE NAME
Cloudflare Threat Intelligence Research - Unraveling SloppyLemming’s operations across South Asia
WHITE jacksparrow 2024-10-04 Modified: 2024-11-03
Cloudforce One has published the results of an investigation into SloppyLemming, an advanced cyber-espionage actor that operates across South Asia and is believed to target government and other institutions.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES: COOKBOX
Indicators of Compromise (69)
TYPE INDICATOR DESCRIPTION CREATED
CVE CVE-2023-38831 2024-10-04