← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
DISGOMOJI Malware Used to Target Indian Government | Volexity
WHITE Armature_TIP 2025-02-22 Modified: 2025-03-24
98
IOCs
HIGH VOLUME
An Indian-linked cyber-attack group (APT) has been targeting government and private entities in the defence sector since October 2023, according to research by security firm SEQRITE Labs.
uta0137disgomojivolexitygolangdiscordindiadiscord serverbossdirtypipebackhand indexchiselclockerrorligolotargetflashdownloadfindfebruary#dsop#rustawes#oshi#rusticweb#ias#operation#powershell#parichay#operationrusticweb#defencepowershelldecemberdefenceoctoberipr formdepartmentchildrendsopministryrustdecoyemotetenumeratenim
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Golang Nim
Indicators of Compromise (98)
All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
CVE CVE-2022-0847 2025-02-22
FileHash-MD5 2d4a5050c7ea6c83665807df151e067e MD5 of e5182d13d66c3efaa7676510581d622f98471895 2025-02-22
FileHash-MD5 8bf9cf1363e404a9ad3e0fa9e53057cb MD5 of 3dff44bede709295fffd3ae3e9599f6ab8197af4 2025-02-22
FileHash-MD5 cd7067d58e2319ebc8ed0ecd6b61b2b6 MD5 of 2dfe824d0298201e0efb30f16b3ce8a409ffe006 2025-02-22
FileHash-MD5 d5f2e3fafbb0701dc0f1adccc7141e63 MD5 of 0d4111ab5471c7f5b909bff336ba8cd66f9d8630 2025-02-22
FileHash-SHA1 0d4111ab5471c7f5b909bff336ba8cd66f9d8630 2025-02-22
FileHash-SHA1 1443e58a298458c30ab91b37c0335bdadbacd756 2025-02-22
FileHash-SHA1 2dfe824d0298201e0efb30f16b3ce8a409ffe006 2025-02-22
FileHash-SHA1 3dff44bede709295fffd3ae3e9599f6ab8197af4 2025-02-22
FileHash-SHA1 e1bdb995998ab338fc596777a78121fc49f002b5 2025-02-22
FileHash-SHA1 e5182d13d66c3efaa7676510581d622f98471895 2025-02-22
FileHash-SHA256 1e45d68106ca78f46be508427362b8ce24fdf5485c368f9369c913935cf04f99 SHA256 of 3dff44bede709295fffd3ae3e9599f6ab8197af4 2025-02-22
FileHash-SHA256 38e1c0ca15ed83ed27148c31a31e0b33de627519ab2929d4aa69484534589086 SHA256 of 2dfe824d0298201e0efb30f16b3ce8a409ffe006 2025-02-22
FileHash-SHA256 c981aa1f05adf030bacffc0e279cf9dc93cef877f7bce33ee27e9296363cf002 SHA256 of e5182d13d66c3efaa7676510581d622f98471895 2025-02-22
FileHash-SHA256 d9f29a626857fa251393f056e454dfc02de53288ebe89a282bad38d03f614529 SHA256 of 0d4111ab5471c7f5b909bff336ba8cd66f9d8630 2025-02-22
URL http://ordai.quest/vmcoreinfo 2025-02-22
domain clawsindia.in 2025-02-22
domain ordai.quest 2025-02-22
domain oshi.at 2025-02-22
URL https://oshi.at 2025-02-22
FileHash-MD5 04557782d7017f18ec059fc96d7f2dc8 2025-02-22
FileHash-MD5 13ee4bd10f05ee0499e18de68b3ea4d5 2025-02-22
FileHash-MD5 20b4eb5787faa00474f7d27c0fea1e4b 2025-02-22
FileHash-MD5 237961bbba6d4aa2e0fae720d4ece439 2025-02-22
FileHash-MD5 3ce8dfb3f1bff805cb6b85a9e950b3a2 2025-02-22
FileHash-MD5 501a6d48fd8f80a134cf71db3804cf95 2025-02-22
FileHash-MD5 56cb95b63162d0dfceb30100ded1131a 2025-02-22
FileHash-MD5 635864ff270cf8e366a7747fb5996766 2025-02-22
FileHash-MD5 6d29fc0a73096433ff9449c4bbc4cccc 2025-02-22
FileHash-MD5 9f3359ae571c247a8be28c0684678304 2025-02-22
FileHash-MD5 a696c50dd5d15ba75c9e7f8d3c64997c 2025-02-22
FileHash-MD5 a9182c812c7f7d3e505677a57c8a353b 2025-02-22
FileHash-MD5 b0b6629d35451bcc511c0f2845934c3e 2025-02-22
FileHash-MD5 c9969ece7bb47efac4b3b04cdc1538e5 2025-02-22
FileHash-MD5 d2949a3c4496cb2b4d204b75e24390d9 2025-02-22
FileHash-MD5 da745b60b5ef5b4881c6bc4b7a48d784 2025-02-22
FileHash-MD5 de30abf093bd4dfe6b660079751951c6 2025-02-22
FileHash-MD5 e0102071722a87f119b12434ae651b48 2025-02-22
FileHash-MD5 ee8d767069faf558886f1163a92e4009 2025-02-22
FileHash-MD5 f14e778f4d22df275c817ac3014873dc 2025-02-22
FileHash-MD5 f2501e8b57486c427579eeda20b729fd 2025-02-22
FileHash-MD5 f5d8664cbf4a9e154d4a888e4384cb1d 2025-02-22
FileHash-MD5 f68b17f1261aaa4460d759d95124fbd4 2025-02-22
FileHash-MD5 fc61b985d8c590860f397d943131bfb5 2025-02-22
FileHash-SHA1 038ae7e6e6708cb58db96512515177d84b71e8c2 SHA1 of 9f3359ae571c247a8be28c0684678304 2025-02-22
FileHash-SHA1 049fd2383f193ebdc4964dd959ca7007adc516ac SHA1 of 04557782d7017f18ec059fc96d7f2dc8 2025-02-22
FileHash-SHA1 34cefe42aa8347c39a04eaca5a464fa35d6f1e62 SHA1 of 237961bbba6d4aa2e0fae720d4ece439 2025-02-22
FileHash-SHA1 465ef9d21e73493e9d531378756f91917f9567f4 SHA1 of da745b60b5ef5b4881c6bc4b7a48d784 2025-02-22
FileHash-SHA1 4e2b14b18f5d68ce3dada1061526b03eafcd50b8 SHA1 of c9969ece7bb47efac4b3b04cdc1538e5 2025-02-22
FileHash-SHA1 513b4b604d198f44041ed494ee8c7a7f94ac5038 SHA1 of 635864ff270cf8e366a7747fb5996766 2025-02-22
FileHash-SHA1 5dd201fa53cb5c76103579785a3d220d578dd12a SHA1 of 56cb95b63162d0dfceb30100ded1131a 2025-02-22
FileHash-SHA1 630530b11cbde6de840d7326152c1cb6bae06e0a SHA1 of fc61b985d8c590860f397d943131bfb5 2025-02-22
FileHash-SHA1 6f3f3c533a2b9031362d88bb7414bf332c93dc9d SHA1 of f2501e8b57486c427579eeda20b729fd 2025-02-22
FileHash-SHA1 7515a93da10b7d3f4619a38cc3f1a1bd25ddb847 SHA1 of ee8d767069faf558886f1163a92e4009 2025-02-22
FileHash-SHA1 88949119f88b15722a2b75ca84db7a6bfc822948 SHA1 of 20b4eb5787faa00474f7d27c0fea1e4b 2025-02-22
FileHash-SHA1 892d434f3f59b3b8bd4ca500218a75d39c13ee5b SHA1 of 501a6d48fd8f80a134cf71db3804cf95 2025-02-22
FileHash-SHA1 8c969dbe0fe30244802cda1c8e33b04040831466 SHA1 of 13ee4bd10f05ee0499e18de68b3ea4d5 2025-02-22
FileHash-SHA1 af137c7d1481e45217abd24a96f8aa2b416d294c SHA1 of 3ce8dfb3f1bff805cb6b85a9e950b3a2 2025-02-22
FileHash-SHA1 bcadcb345fc65a9c3d7c78566ad72a77c6076a11 SHA1 of f14e778f4d22df275c817ac3014873dc 2025-02-22
FileHash-SHA1 bfdd02fa593d3858399da6bf591aeb10b2d1da40 SHA1 of f5d8664cbf4a9e154d4a888e4384cb1d 2025-02-22
FileHash-SHA1 c1a80dd5be2de92a5a32d81a9fc146d4fd52ddb6 SHA1 of e0102071722a87f119b12434ae651b48 2025-02-22
FileHash-SHA1 c1c3454ed5bf32f22c855b19618bcd16e6549df8 SHA1 of a9182c812c7f7d3e505677a57c8a353b 2025-02-22
FileHash-SHA1 e19c23d82d7e7e8e45b1d830ddc7ddb85087c4cc SHA1 of f68b17f1261aaa4460d759d95124fbd4 2025-02-22
FileHash-SHA256 03666fb1c21d8a8cf38219691d2218d78eef5b00d20f26c25afde5d9e1daf80a SHA256 of 3ce8dfb3f1bff805cb6b85a9e950b3a2 2025-02-22
FileHash-SHA256 0c284271e3d90a6673d84cf6291f92f32ade7c7f760bbe135880b949b38046ee SHA256 of 20b4eb5787faa00474f7d27c0fea1e4b 2025-02-22
FileHash-SHA256 0cb88c8b8e2969af26678df4d3c395101c49c7c808d2cb2d7a0f00f60bdddcba SHA256 of 501a6d48fd8f80a134cf71db3804cf95 2025-02-22
FileHash-SHA256 1387b77a41e5a244c03ea7f5c90a2e528abe0ed7a4e6cb659183f7112c546046 SHA256 of da745b60b5ef5b4881c6bc4b7a48d784 2025-02-22
FileHash-SHA256 1b1d1d775571232235ed6fb84413eb60593340c1c1ea3b77bd72d3b68058f55c SHA256 of 9f3359ae571c247a8be28c0684678304 2025-02-22
FileHash-SHA256 207334927fc39278e37afe124769ed980e9a8ae86b0346408af64c86a7c99e6a SHA256 of e0102071722a87f119b12434ae651b48 2025-02-22
FileHash-SHA256 26bf853b951e8d8ba6007e9d5c77f441faa739171e95f27f8d3851e07bc65b11 SHA256 of 13ee4bd10f05ee0499e18de68b3ea4d5 2025-02-22
FileHash-SHA256 2cec6bd5e9ff046771623cfa0802cacd78b7521bf61b144e9c8dfa77d994927c SHA256 of f2501e8b57486c427579eeda20b729fd 2025-02-22
FileHash-SHA256 37bfa72c2820bcf9adb8707ae624452e0b769bc1c1f2a24ebb518c6e1794f3e2 SHA256 of a9182c812c7f7d3e505677a57c8a353b 2025-02-22
FileHash-SHA256 3845877017eb07be71820e8514502a3dcd24177540591c5ce2c13aca94caa4ac SHA256 of f14e778f4d22df275c817ac3014873dc 2025-02-22
FileHash-SHA256 3d1b3ba5e1c1d1626595098f042913bc39601c80ab2c934cb994d3c053f218c5 SHA256 of 635864ff270cf8e366a7747fb5996766 2025-02-22
FileHash-SHA256 5db4a85d745f365672dc193f6f82b16a97d892464e7825b2a833dce95052b32a SHA256 of 04557782d7017f18ec059fc96d7f2dc8 2025-02-22
FileHash-SHA256 6c2f18f5d70f794b8826ee2575d973ddb07cbf9d15115973fe92df74079b6412 SHA256 of fc61b985d8c590860f397d943131bfb5 2025-02-22
FileHash-SHA256 76d9654f28bcaa713a99caa2839a572fc999a726827a0216da71ac184cee6d19 SHA256 of f5d8664cbf4a9e154d4a888e4384cb1d 2025-02-22
FileHash-SHA256 af2201af8054e8e11eef7980fe15dc62eb2b7582f4f2bab4d8256f23f6db984e SHA256 of c9969ece7bb47efac4b3b04cdc1538e5 2025-02-22
FileHash-SHA256 db91e23d9715464511057f2e15c9adc97d3f27fcfa308f05ac7e2de7275fdd32 SHA256 of 237961bbba6d4aa2e0fae720d4ece439 2025-02-22
FileHash-SHA256 db9afd2c59f20e04db37ddd38d1e911cdb4bddf39c24e4ce7cedda4eec984604 SHA256 of 56cb95b63162d0dfceb30100ded1131a 2025-02-22
FileHash-SHA256 dfb72668791b4fe28884706b7756b02b951b43219e528b970ceb0369c86e3fd3 SHA256 of ee8d767069faf558886f1163a92e4009 2025-02-22
FileHash-SHA256 fb30e5c67b92dc17d7a6e412f36d9b521842f8d7df38a00584c1362303b26655 SHA256 of f68b17f1261aaa4460d759d95124fbd4 2025-02-22
URL https://awesscholarship.in/ppam/Mail_Check.ps1 2025-02-22
URL https://awesscholarship.in/ppam/syscheck.zip 2025-02-22
URL https://awesscholarship.in/upload/1.pdf 2025-02-22
URL https://awesscholarship.in/upload/DSOP-NOM.zip 2025-02-22
URL https://awesscholarship.in/upload/Ipr.pdf 2025-02-22
URL https://awesscholarship.in/upload/abc009.pdf 2025-02-22
URL https://awesscholarship.in/upload/file.zip 2025-02-22
URL https://awesscholarship.in/upload/file1.zip 2025-02-22
URL https://awesscholarship.in/upload/in.ps1 2025-02-22
URL https://awesscholarship.in/upload/upload.php 2025-02-22
URL https://parichay.epar.in/Win/1.pdf 2025-02-22
URL https://parichay.epar.in/Win/Mail_Check.ps1 2025-02-22
domain awesscholarship.in 2025-02-22
domain parichay.nic.in 2025-02-22
hostname parichay.epar.in 2025-02-22
hostname scholarship.awesindia.com 2025-02-22
References (2)
↗ https://www.volexity.com/blog/2024/06/13/disgomoji-malware-used-to-target-indian-government/?ref=thestack.technology ↗ https://www.seqrite.com/blog/operation-rusticweb-targets-indian-govt-from-rust-based-malware-to-web-service-exfiltration/