← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
SideWinder targets the maritime and nuclear sectors with an updated toolset
WHITE CyberHunter_NL 2025-03-11 Modified: 2025-03-11
70
IOCs
HIGH VOLUME
Last year, we published an article about SideWinder, a highly prolific APT group whose primary targets have been military and government entities in Pakistan, Sri Lanka, China, and Nepal. In it, we described activities that had mostly happened in the first half of the year. We tried to draw attention to the group, which was aggressively extending its activities beyond their typical targets, infecting government entities, logistics companies and maritime infrastructures in South and Southeast Asia, the Middle East, and Africa. We also shared further information about SideWinder’s post-exploitation activities and described a new sophisticated implant designed specifically for espionage.
.netaptdefense evasionhtajavascriptmalwaremalware descriptionsmalware technologiesshellcodesidewinderspear phishingtargeted attacksbackdoorloaderstealerbotafricapakistansri lankachinanepalsoutheast asiacve201711882downloaderinstallerimplantindonesiaphilippines
Indicators of Compromise (11 / 70 total)
All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 0216ffc6fb679bdf4ea6ee7051213c1e 2025-03-11
FileHash-MD5 313f9bbe6dac3edc09fe9ac081950673 2025-03-11
FileHash-MD5 3d9961991e7ae6ad2bae09c475a1bce8 2025-03-11
FileHash-MD5 433480f7d8642076a8b3793948da5efe 2025-03-11
FileHash-MD5 872c2ddf6467b1220ee83dca0e118214 2025-03-11
FileHash-MD5 a694ccdb82b061c26c35f612d68ed1c2 2025-03-11
FileHash-MD5 bd8043127abe3f5cfa61bd2174f54c60 2025-03-11
FileHash-MD5 d36a67468d01c4cb789cd6794fb8bc70 2025-03-11
FileHash-MD5 e0bce049c71bc81afe172cd30be4d2b7 2025-03-11
FileHash-MD5 e9726519487ba9e4e5589a8a5ec2f933 2025-03-11
FileHash-MD5 f42ba43f7328cbc9ce85b2482809ff1c 2025-03-11
References (1)
↗ https://securelist.com/sidewinder-apt-updates-its-toolset-and-targets-nuclear-sector/115847/