Pulse: SideWinder APT's post-exploitation framework analysis
Author: WHITE RAZOR TIGER (AlienVault OTX). Created: 2024-10-15. Modified: 2024-10-15. Indicators: 240 (high volume).
SideWinder APT group has expanded its activities, targeting high-profile entities in the Middle East and Africa. The group employs a multi-stage infection chain using spear-phishing emails with malicious attachments. A new post-exploitation toolkit called 'StealerBot' has been discovered, designed for espionage activities. The infection process involves remote template injection, RTF exploits, and malicious LNK files. SideWinder's infrastructure uses numerous domains with subdomains mimicking legitimate organizations. Targets include government, military, logistics, infrastructure, telecommunications, financial institutions, universities, and oil trading companies across multiple countries.
Indicators of Compromise (240)
Indicator types: CVE, FileHash-MD5, FileHash-SHA1, FileHash-SHA256, URL, domain, hostname.
CVE: CVE-2017-11882 (created 2024-10-15)