PULSE NAME
SOC files: an APT41 attack on government IT services in Africa
WHITE APT41 Tr1sa111 2025-08-25 Modified: 2025-09-19
47 IOCs
MEDIUM VOLUME
MITRE ATT&CK & Malware Families
MALWARE FAMILIES: Cobalt Strike - S0154, Pillager, Checkout, Mimikatz
Indicators of Compromise (47)