Pulse Detail — Threat Intelligence

PULSE NAME

SideWinder Utilizes New Infrastructure to Target Ports and Maritime Facilities in the Mediterranean Sea

WHITE SideWinder Tr1sa111 2025-01-16 Modified: 2025-01-16

IOCs

HIGH VOLUME

↓ CSV ↓ JSON

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1047 T1059.007 T1204.002 T1140 T1480 T1027 T1203 T1518.001 T1221 T1071.001 T1105

Indicators of Compromise (58)

All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL YARA domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
CVE	CVE-2017-0199	—	2025-01-16
CVE	CVE-2017-11882	—	2025-01-16
FileHash-MD5	2462db3be57df824f003f74d7a16cacb	—	2025-01-16
FileHash-MD5	3233db78e37302b47436b550a21cdaf9	—	2025-01-16
FileHash-MD5	379edeaa9ed92ebe6091177417b2c751	—	2025-01-16
FileHash-MD5	8d7c43913eba26f96cd656966c1e26d5	—	2025-01-16
FileHash-MD5	9345d52abd5bab4320c1273eb2c90161	—	2025-01-16
FileHash-MD5	9a1c49322a9d950c047c2edfc781b778	—	2025-01-16
FileHash-MD5	c60b41f0981f617fa83a73704a10e147	—	2025-01-16
FileHash-MD5	d0d1fba6bb7be933889ace0d6955a1d7	—	2025-01-16
FileHash-MD5	e0bce049c71bc81afe172cd30be4d2b7	—	2025-01-16
FileHash-SHA1	38210349974efaf4d7aac78538d04aa2256e4e99	—	2025-01-16
FileHash-SHA1	3f26b7480d1db1234b998c65fae542c6fee0ef21	—	2025-01-16
FileHash-SHA1	97b1bf8f984ce9c17e48473409b9670741260ed5	—	2025-01-16
FileHash-SHA1	b8d6ec69b83954467c392b8fccdc60d4a459c718	—	2025-01-16
FileHash-SHA256	006e5fe0c01712391c54319a9d1579d7208f3cfa9f49fe56a14d93f0d0e8928b	—	2025-01-16
FileHash-SHA256	142c6a4c7e9efbf6f3176df3ff218449bb4f7b2a69d60060e6339f1c3cc95d93	—	2025-01-16
FileHash-SHA256	512a83f1a6c404cb0ba679c7a2f3aa782bb5e17840d31a034de233f7500a6cb9	—	2025-01-16
FileHash-SHA256	613068422c214b944c7b2e3fb60412ed99d35c9e18d53d45b16965c5a36f734a	—	2025-01-16
FileHash-SHA256	9572312a12605c6a6ea6447af6fc063f4196aeba523ed38ce2c5ff51c33d4831	—	2025-01-16
FileHash-SHA256	9ce32ce5e2b70fec7f749e7868d89a4e3e739fed9c75cd6c4ec6eafde4c3711a	—	2025-01-16
FileHash-SHA256	b72ac58d599e6e1080251b1ac45a521b33c08d7d129828a4e82a7095e9f93e53	—	2025-01-16
FileHash-SHA256	ceb93ee3093dbf1a49918ede81055018d9c0f0945a97f904a16951010cfbce61	—	2025-01-16
FileHash-SHA256	e21396bf5f9936310b4f53273db330a9620d78c1c744277b0e9126f0afdbc29d	—	2025-01-16
URL	http://investigation04.session-out.com/fbd901_harassment/doc.rtf	—	2025-01-16
URL	https://heatwave.paknavy.store/pn/510426/doc.rtf	—	2025-01-16
URL	https://mailarmylk.mods.email/Ltr86-ef2265ef	—	2025-01-16
URL	https://mofa-gov-sa.direct888.net/015094_consulategz	—	2025-01-16
URL	https://moitt-gov-pk.fia-gov.net/643705null	—	2025-01-16
URL	https://moitt-gov-pk.fia-gov.net/720705null	—	2025-01-16
URL	https://mora.pdfadobe.com/d8149d32/mora/doc.rtf	—	2025-01-16
URL	https://reports.dgps-govtpk.com/63645534-case/doc.rtf	—	2025-01-16
URL	https://salary-cutting.session-out.com/37656199_notice/doc.rtf	—	2025-01-16
YARA	249eea98c84b2a2d248e1a91043964746f1d474b	—	2025-01-16
domain	dgps-govtpk.com	—	2025-01-16
domain	paknavy-govpk.com	—	2025-01-16
domain	paknavy.store	—	2025-01-16
domain	session-out.com	—	2025-01-16
hostname	ftp.mods.email	—	2025-01-16
hostname	gta5.mods.email	—	2025-01-16
hostname	heatwave.paknavy.store	—	2025-01-16
hostname	investigation04.session-out.com	—	2025-01-16
hostname	mailafdgovbd.mods.email	—	2025-01-16
hostname	mailarmylk.mods.email	—	2025-01-16
hostname	mailarmymilbd.mods.email	—	2025-01-16
hostname	mailforegngovmv.mods.email	—	2025-01-16
hostname	mailmofagovmm.mods.email	—	2025-01-16
hostname	mailmofagovmv.mods.email	—	2025-01-16
hostname	mailmofagovmv.mods.emailmailmofagovnp.mods.email	—	2025-01-16
hostname	mailmofagovnp.mods.email	—	2025-01-16
hostname	mailnepalarmymil.mods.email	—	2025-01-16
hostname	mailnepalarmymilnp.mods.email	—	2025-01-16
hostname	mofa-gov-sa.direct888.net	—	2025-01-16
hostname	moitt-gov-pk.fia-gov.net	—	2025-01-16
hostname	mora.pdfadobe.com	—	2025-01-16
hostname	paknavy.dgps-govtpk.com	—	2025-01-16
hostname	reports.dgps-govtpk.com	—	2025-01-16
hostname	salary-cutting.session-out.com	—	2025-01-16

References (1)

↗ https://blogs.blackberry.com/en/2024/07/sidewinder-targets-ports-and-maritime-facilities-in-the-mediterranean-sea