← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
SideWinder targets the maritime and nuclear sectors with an updated toolset
WHITE CyberHunter_NL 2025-03-11 Modified: 2025-03-11
70
IOCs
HIGH VOLUME
Last year, we published an article about SideWinder, a highly prolific APT group whose primary targets have been military and government entities in Pakistan, Sri Lanka, China, and Nepal. In it, we described activities that had mostly happened in the first half of the year. We tried to draw attention to the group, which was aggressively extending its activities beyond their typical targets, infecting government entities, logistics companies and maritime infrastructures in South and Southeast Asia, the Middle East, and Africa. We also shared further information about SideWinder’s post-exploitation activities and described a new sophisticated implant designed specifically for espionage.
.netaptdefense evasionhtajavascriptmalwaremalware descriptionsmalware technologiesshellcodesidewinderspear phishingtargeted attacksbackdoorloaderstealerbotafricapakistansri lankachinanepalsoutheast asiacve201711882downloaderinstallerimplantindonesiaphilippines
Indicators of Compromise (70)
All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
CVE CVE-2017-11882 2025-03-11
FileHash-MD5 0216ffc6fb679bdf4ea6ee7051213c1e 2025-03-11
FileHash-MD5 313f9bbe6dac3edc09fe9ac081950673 2025-03-11
FileHash-MD5 3d9961991e7ae6ad2bae09c475a1bce8 2025-03-11
FileHash-MD5 433480f7d8642076a8b3793948da5efe 2025-03-11
FileHash-MD5 872c2ddf6467b1220ee83dca0e118214 2025-03-11
FileHash-MD5 a694ccdb82b061c26c35f612d68ed1c2 2025-03-11
FileHash-MD5 bd8043127abe3f5cfa61bd2174f54c60 2025-03-11
FileHash-MD5 d36a67468d01c4cb789cd6794fb8bc70 2025-03-11
FileHash-MD5 e0bce049c71bc81afe172cd30be4d2b7 2025-03-11
FileHash-MD5 e9726519487ba9e4e5589a8a5ec2f933 2025-03-11
FileHash-MD5 f42ba43f7328cbc9ce85b2482809ff1c 2025-03-11
FileHash-SHA1 013ead0c89431a69bbe7e7b39a1095dc4faea456 SHA1 of f42ba43f7328cbc9ce85b2482809ff1c 2025-03-11
FileHash-SHA1 334f3313b03bbfeaae6fc7a0257d4fd8cb6dd751 SHA1 of a694ccdb82b061c26c35f612d68ed1c2 2025-03-11
FileHash-SHA1 5a12b7f4214ac1f79f2b613fb482e58701dfaaa6 SHA1 of e9726519487ba9e4e5589a8a5ec2f933 2025-03-11
FileHash-SHA1 639ccf8e2e0643b0d93db9ebf508ac0f1836cccd SHA1 of bd8043127abe3f5cfa61bd2174f54c60 2025-03-11
FileHash-SHA1 69069ac1c9bdc97ff1d060d4fc9f42b91c25669b SHA1 of 3d9961991e7ae6ad2bae09c475a1bce8 2025-03-11
FileHash-SHA1 71daaff7ba2b92e69a5e94c0efa2f5a097bcd65c SHA1 of 0216ffc6fb679bdf4ea6ee7051213c1e 2025-03-11
FileHash-SHA1 81d00923f2e9e0bae7c51ffbcb66409dd9a3da05 SHA1 of 433480f7d8642076a8b3793948da5efe 2025-03-11
FileHash-SHA1 84b4b2705018e38253796cd3f84ee68694d9b9c0 SHA1 of d36a67468d01c4cb789cd6794fb8bc70 2025-03-11
FileHash-SHA1 96cafccda39d2dd06e22b33ca37504405439c23d SHA1 of 313f9bbe6dac3edc09fe9ac081950673 2025-03-11
FileHash-SHA1 dbc5756895b6585527bd6ebc4411ea6a4a6e2886 SHA1 of 872c2ddf6467b1220ee83dca0e118214 2025-03-11
FileHash-SHA256 30735312101e60a697f161abba62ca359eed240d2e612b1ff7bed6523b28730d SHA256 of f42ba43f7328cbc9ce85b2482809ff1c 2025-03-11
FileHash-SHA256 44ff1117bb0167f85d599236892deede636c358df3d8908582a6ce6a48070bd4 SHA256 of 433480f7d8642076a8b3793948da5efe 2025-03-11
FileHash-SHA256 5740947bb9267e1be8281edc31b3fb2d57a71d2c96a47eeeaa6482c0927aa6a4 SHA256 of 0216ffc6fb679bdf4ea6ee7051213c1e 2025-03-11
FileHash-SHA256 57d761453bbc6ba9ace467f4491d7a19b9c7e097f81d9772efbcd2f43ada4dce SHA256 of 872c2ddf6467b1220ee83dca0e118214 2025-03-11
FileHash-SHA256 76daea942654d8175f642696fc758b03767db14ca5dda9994797a3f95a34294a SHA256 of a694ccdb82b061c26c35f612d68ed1c2 2025-03-11
FileHash-SHA256 865f5b3b1ee94d89ad9a9840f49a17d477cddfc3742c5ef78d77a6027ad1caa5 SHA256 of d36a67468d01c4cb789cd6794fb8bc70 2025-03-11
FileHash-SHA256 a84b3dd5f7d29d8d257fdef0ede512ae09e6cd5be7681b9466a5c60f6f877c2b SHA256 of 3d9961991e7ae6ad2bae09c475a1bce8 2025-03-11
FileHash-SHA256 aacaf712cf67176f159657be2fbd0fce018aa03b890cb1616b146eddb1de73be SHA256 of bd8043127abe3f5cfa61bd2174f54c60 2025-03-11
FileHash-SHA256 d9e373aeea5fe0c744f0de94fdd366b5b6da816209ac394cbbda1c64c03b50b1 SHA256 of e9726519487ba9e4e5589a8a5ec2f933 2025-03-11
FileHash-SHA256 fa95fadc73e5617305a6b71f77e9d255d14402650075107f2272f131d3cf7b00 SHA256 of 313f9bbe6dac3edc09fe9ac081950673 2025-03-11
URL http://dgtk.depo-govpk.com/19263687/trui 2025-03-11
URL https://dgtk.depo-govpk.com/19263687/trui 2025-03-11
URL https://dgtk.depo-govpk.com/19263687/trui' 2025-03-11
domain aliyum.email 2025-03-11
domain crontec.site 2025-03-11
domain d0cumentview.info 2025-03-11
domain d0wnlaod.com 2025-03-11
domain d0wnlaod.org 2025-03-11
domain debcon.live 2025-03-11
domain defencearmy.pro 2025-03-11
domain depo-govpk.com 2025-03-11
domain dirctt88.info 2025-03-11
domain dirctt888.com 2025-03-11
domain dirctt888.info 2025-03-11
domain directt88.com 2025-03-11
domain document-viewer.info 2025-03-11
domain document-viewer.live 2025-03-11
domain documentviewer.info 2025-03-11
domain dowmload.co 2025-03-11
domain dowmloade.org 2025-03-11
domain downl0ad.org 2025-03-11
domain file-dwnld.org 2025-03-11
domain mevron.tech 2025-03-11
domain mod-kh.info 2025-03-11
domain modpak-info.services 2025-03-11
domain modpak.info 2025-03-11
domain mods.email 2025-03-11
domain ms-office.pro 2025-03-11
domain mteron.info 2025-03-11
domain pmd-offc.info 2025-03-11
domain pmd-office.info 2025-03-11
domain pncert.info 2025-03-11
domain portdedjibouti.live 2025-03-11
domain session-out.com 2025-03-11
domain veorey.live 2025-03-11
domain zeltech.live 2025-03-11
domain ziptec.info 2025-03-11
hostname dgtk.depo-govpk.com 2025-03-11
References (1)
↗ https://securelist.com/sidewinder-apt-updates-its-toolset-and-targets-nuclear-sector/115847/