← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Unraveling SloppyLemming’s operations across South Asia
WHITE SloppyLemming tr2222200 2024-11-21 Modified: 2024-11-21
72
IOCs
HIGH VOLUME
cobalt strikenekrowirehavoc
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Cobalt Strike - S0154 Havoc NekroWire
Indicators of Compromise (72)
All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
CVE CVE-2023-38831 2024-11-21
FileHash-MD5 659ab8cb034e557fce0c3ecd631f3590 2024-11-21
FileHash-MD5 e2a32e7d772a9a4eeccee9c71ec3a6d4 2024-11-21
FileHash-MD5 fa40357daaa8ed8e73eeef25f0f478ac 2024-11-21
FileHash-SHA1 9b45b35d577680022e20d20dc7052463398ccf36 2024-11-21
FileHash-SHA1 b53de85852479ea2a772bd3407b9e4d38eb1e1e7 2024-11-21
FileHash-SHA1 bc490c61ce87efc0faf93dd4160219ef303e3e1d 2024-11-21
FileHash-SHA256 06f82a8d80ec911498e3493ebefa8ad45e102dd887ce2edc11f8f51bafab2e80 2024-11-21
FileHash-SHA256 3dfb8d198de95090e2ad3ffc9d9846af5c3074563acb0ce5b0ef62b20e4bf432 2024-11-21
FileHash-SHA256 82e99ceea9e6d31555b0f2bf637318fd97e5609e3d4d1341aec39db2e26cf211 2024-11-21
FileHash-SHA256 95cf90b2610c6f0ec67c1d669cd252468f6c3b8eaeea588f342d2bd74d90e093 2024-11-21
FileHash-SHA256 a3c9b56a0ce787d7aa7787d9ff0e806a6fb0b216327591b1e1113391c609fd17 2024-11-21
FileHash-SHA256 ac3dff91982709f575cfbc6954b61130b4eeab5d3759772db220f1b76836be4d 2024-11-21
FileHash-SHA256 b6ae5b714f18ca40a111498d0991e1e30cd95317b4904d2ef0d49937f0552000 2024-11-21
FileHash-SHA256 e3bc0246ab95b527aa86e52e62f554ab8db04523f35aee50b508d0fa48ab49f7 2024-11-21
FileHash-SHA256 fb4397c837c7e401712764f953723153d5bb462bc944518959288ea47dec6446 2024-11-21
domain cflayerprotection.com 2024-11-21
domain cloudlflares.com 2024-11-21
domain crec-bd.site 2024-11-21
domain email.click 2024-11-21
domain hit-pk.org 2024-11-21
domain humariweb.info 2024-11-21
domain itsupport-gov.com 2024-11-21
domain jammycanonicalupdates.cloud 2024-11-21
domain link.click 2024-11-21
domain modp-pk.org 2024-11-21
domain mofapak.info 2024-11-21
domain opensecurity-legacy.com 2024-11-21
domain paknavy-pk.org 2024-11-21
domain quran-books.store 2024-11-21
domain updpcn.online 2024-11-21
hostname accounts.opensecurity-legacy.com 2024-11-21
hostname acrobat.paknavy-pk.org 2024-11-21
hostname api.opensecurity-legacy.com 2024-11-21
hostname bin.opensecurity-legacy.com 2024-11-21
hostname blabla.apl-com.icu 2024-11-21
hostname browser.apl-org.online 2024-11-21
hostname cloud.adobefileshare.com 2024-11-21
hostname cloud.cflayerprotection.com 2024-11-21
hostname confidential.zapto.org 2024-11-21
hostname data.cloudlflares.com 2024-11-21
hostname dawn.apl-org.online 2024-11-21
hostname docs.apl-com.icu 2024-11-21
hostname fonts.apl-org.online 2024-11-21
hostname frontend-m.opensecurity-legacy.com 2024-11-21
hostname hesco.hascolgov.info 2024-11-21
hostname hurr.zapto.org 2024-11-21
hostname locaal.navybd-gov.info 2024-11-21
hostname localhost.apl-com.icu 2024-11-21
hostname locall.hascolgov.info 2024-11-21
hostname login.apl-org.online 2024-11-21
hostname m.opensecurity-legacy.com 2024-11-21
hostname mail.apl-com.icu 2024-11-21
hostname mail.pakistangov.com 2024-11-21
hostname mailpitb-securedocs.zapto.org 2024-11-21
hostname monitor.opensecurity-legacy.com 2024-11-21
hostname oil.hascolgov.info 2024-11-21
hostname openkm.paknavy-pk.org 2024-11-21
hostname owa-spamcheck.apl-org.online 2024-11-21
hostname pitb.zapto.org 2024-11-21
hostname redzone.apl-org.online 2024-11-21
hostname redzone2.apl-org.online 2024-11-21
hostname sco.zapto.org 2024-11-21
hostname secure.cflayerprotection.com 2024-11-21
hostname secure.cloudlflares.com 2024-11-21
hostname sensors.opensecurity-legacy.com 2024-11-21
hostname static.opensecurity-legacy.com 2024-11-21
hostname update.apl-org.online 2024-11-21
hostname www.168-gov.info 2024-11-21
hostname www.cloudlflares.com 2024-11-21
hostname www.crec-bd.site 2024-11-21
hostname zero-berlin-covenant.apl-org.online 2024-11-21
References (1)
↗ https://blog.cloudflare.com/unraveling-sloppylemming-operations/