← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors
WHITE Tr1sa111 2026-03-18 Modified: 2026-03-18
21
IOCs
MEDIUM VOLUME
cve-2025-43510state-sponsoredcorunaghostsaberioscommercial surveillancecve-2025-43520cve-2026-20700ghostbladezero-daydarkswordcve-2025-31277watering holeexploit chaincve-2025-43529cve-2025-14174ghostknife
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
GHOSTBLADE GHOSTKNIFE GHOSTSABER
Indicators of Compromise (21)
All CVE FileHash-SHA256 URL FileHash-SHA1 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
CVE CVE-2025-14174 2026-03-18
CVE CVE-2025-31277 2026-03-18
CVE CVE-2025-43510 2026-03-18
CVE CVE-2025-43520 2026-03-18
CVE CVE-2025-43529 2026-03-18
CVE CVE-2026-20700 2026-03-18
FileHash-SHA256 2e5a56beb63f21d9347310412ae6efb29fd3db2d3a3fc0798865a29a3c578d35 2026-03-18
URL https://snapshare.chat/ 2026-03-18
URL https://static.cdncounter.net/assets/index.html 2026-03-18
URL https://static.cdncounter.net/widgets.js?uhfiu27fajf2948fjfefaa42 2026-03-18
FileHash-SHA1 0afa88a4dde47b4ad21dc1de87293814fc51499c 2026-03-18
FileHash-SHA1 bac0e0ef16c3c657967bd2155ba6d8a6ef1df6a7 2026-03-18
FileHash-SHA1 d2f1ea6229a205b693508c39f654dd8e3475763c 2026-03-18
FileHash-SHA1 f4bc68581c02d6f390a8a56ff1c5d04e002afb39 2026-03-18
domain 0x1fedd2.open 2026-03-18
domain 0x436cc4.open 2026-03-18
domain sahibndn.io 2026-03-18
domain snapshare.chat 2026-03-18
hostname e5.malaymoil.com 2026-03-18
hostname sqwas.shapelie.com 2026-03-18
hostname static.cdncounter.net 2026-03-18
References (1)
↗ https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain