← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Evasive SideWinder APT Campaign Detected
WHITE SideWinder Tr1sa111 2025-12-24 Modified: 2026-01-19
32
IOCs
MEDIUM VOLUME
phishingmysetup.execloud storageaptdll side-loadingindiageofencingincome tax departmentmpgear.dllurl shorteners
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
MpGear.dll mysetup.exe
Indicators of Compromise (32)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 537abad75fc343690119851610d9b54b 2025-12-24
FileHash-MD5 6a3b5fed4383a2e54d70b4a01c44ba01 2025-12-24
FileHash-MD5 7f397f286905114b94da3ec9052cb89d 2025-12-24
FileHash-MD5 eb5bd49b6eef60ff85892ef7c8015b01 2025-12-24
FileHash-SHA1 27c009dd858214be785455ea97b42b4103309331 2025-12-24
FileHash-SHA1 8d61f9c6205c30f4e88ced1076dc79acb2ec2b69 2025-12-24
FileHash-SHA1 a5f381bd3e08b0e91c61382c7de8ae78f7d69a6e 2025-12-24
FileHash-SHA256 13474f4e82b8fa13c6e43009433720e07e0485971293afdc5867849b9fac8f09 2025-12-24
FileHash-SHA256 415be77f99144c27e2612e1021043f61302b28e28fa3262b1792c1e4a9d668d4 2025-12-24
FileHash-SHA256 950ad7a33457a1a37a0797316cdd2fbaf9850f7165425274351d08b3c01ed2d8 2025-12-24
domain gfmqvip.vip 2025-12-24
domain gofjasj.help 2025-12-24
domain googleaxc.shop 2025-12-24
domain googlehkcom.com 2025-12-24
domain googlevip.icu 2025-12-24
domain googlevip.shop 2025-12-24
domain googlewery.cyou 2025-12-24
domain googlewww.qpon 2025-12-24
domain gsrydkjz.cyou 2025-12-24
domain hetyqraftryt.cyou 2025-12-24
domain mrysaqw.qpon 2025-12-24
domain oopae.icu 2025-12-24
domain oopv.shop 2025-12-24
domain oytdwzz.shop 2025-12-24
domain qqooe.click 2025-12-24
domain sow4.shop 2025-12-24
domain stockjp.top 2025-12-24
domain wgooglegoogle.com 2025-12-24
domain wwsxcpl.shop 2025-12-24
domain wwwqqo.icu 2025-12-24
domain zhantugaokao.com 2025-12-24
domain zibenbang.vip 2025-12-24
References (1)
↗ https://www.zscaler.com/blogs/security-research/zscaler-threat-hunting-catches-evasive-sidewinder-apt-campaign