Pulse Detail — Threat Intelligence

PULSE NAME

Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities

WHITE Pawn Storm Tr1sa111 2026-03-30 Modified: 2026-03-30

175

IOCs

HIGH VOLUME

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1053.005 T1114.001 T1566.001 T1055 T1553.005 T1102 T1059.001 T1562.001 T1546.015 T1027.003 T1071.001 T1059.005 T1574.002 T1204.001 T1048.003

MALWARE FAMILIES

PRISMEX PrismexDrop PrismexLoader PrismexStager MiniDoor NotDoor

Indicators of Compromise (175)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname IPv4 email

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	5bd25498c247083954eb47acbd199ee7	—	2026-03-30
FileHash-SHA1	9bfbd8e440c2b7bc43bcfa446cf3d7a19023de9c	—	2026-03-30
FileHash-SHA256	aefd15e3c395edd16ede7685c6e97ca0350a702ee7c8585274b457166e86b1fa	—	2026-03-30
domain	wellnesscaremed.com	—	2026-03-30
hostname	document.script.open	—	2026-03-30
hostname	egest.filen.io	—	2026-03-30
hostname	gateway.filen-1.net	—	2026-03-30
hostname	gateway.filen-6.net	—	2026-03-30
hostname	gateway.filen.io	—	2026-03-30
hostname	gateway.filen.net	—	2026-03-30
hostname	ingest.filen.io	—	2026-03-30
FileHash-MD5	154ff6774294e0e6a46581c8452a77de	—	2026-03-30
FileHash-MD5	15e9255a3e3401e5f6578d2ac45b7850	—	2026-03-30
FileHash-MD5	2f7b4dca1c79e525aef8da537294a6c4	—	2026-03-30
FileHash-MD5	4423b8f3456e54eb48dfbde0b4c7984b	—	2026-03-30
FileHash-MD5	4727582023cd8071a6f388ea3ba2feaa	—	2026-03-30
FileHash-MD5	58f517bdc9ba8de1b69829b0dcf86113	—	2026-03-30
FileHash-MD5	630550e7ae6636c5f1dab5241597c91d	—	2026-03-30
FileHash-MD5	6408276cdfd12a1d5d3ed7256bfba639	—	2026-03-30
FileHash-MD5	6f528ad405bffa4a8c2f61b1fa2172fd	—	2026-03-30
FileHash-MD5	744bbe8d7c3d0421fa0deb582481f5ba	—	2026-03-30
FileHash-MD5	7c396677848776f9824ebe408bbba943	—	2026-03-30
FileHash-MD5	81159738f7ffb50d5bc3c75e5e0ac546	—	2026-03-30
FileHash-MD5	828ff72e8d3dffcc232e6ae2ff100f45	—	2026-03-30
FileHash-MD5	859c4b85ed85e6cc4eadb1a037a61e16	—	2026-03-30
FileHash-MD5	8b8903b0e7b7a1a7f501277624bc7e6b	—	2026-03-30
FileHash-MD5	95e59536455a089ced64f5af2539a449	—	2026-03-30
FileHash-MD5	9d1ad28ba8644e9a8b7e133960cdb512	—	2026-03-30
FileHash-MD5	9fc1df92fd199688b1726933f9e349db	—	2026-03-30
FileHash-MD5	a7d1d249c43c2198a7c8d66db45c66bb	—	2026-03-30
FileHash-MD5	b120e5a38c593246388688b26b9284b4	—	2026-03-30
FileHash-MD5	b6a86f44d0a3fa5a5ac979d691189f2d	—	2026-03-30
FileHash-MD5	d47261e52335b516a777da368208ee91	—	2026-03-30
FileHash-MD5	d58e538b6f762f9c5cf220966e5cdc18	—	2026-03-30
FileHash-MD5	da3ed6eb6cf4255efccf4596bb932a45	—	2026-03-30
FileHash-MD5	e4122e880c1d946f41d36e74056871c2	—	2026-03-30
FileHash-MD5	e4a5c4b205e1b80dc20d9a2fb4126d06	—	2026-03-30
FileHash-MD5	ea6615942f2c23dba7810a6f7d69e2da	—	2026-03-30
FileHash-MD5	ee0b44346db028a621d1dec99f429823	—	2026-03-30
FileHash-MD5	f8d9b7c864fb7558e8bad4cfb5c8e6ff	—	2026-03-30
FileHash-SHA1	01a3230a0b7987e2ac597e33eaec256a40448484	—	2026-03-30
FileHash-SHA1	03c9f7794bcc691c9c0ba996003199da279f48fe	—	2026-03-30
FileHash-SHA1	1bf3bf9e27fcc89ae7d38dafe5d71d7d9dfd4286	—	2026-03-30
FileHash-SHA1	22da6a104149cad87d5ec5da4c3153bebf68c411	—	2026-03-30
FileHash-SHA1	23b6f9c00b9d5475212173ec3cbbcff34c4400a7	—	2026-03-30
FileHash-SHA1	34f77c7e57f4f1798835b09c398765cc40414461	—	2026-03-30
FileHash-SHA1	3b80a13199564e3d8a9d26e14defabee136638f8	—	2026-03-30
FileHash-SHA1	440e2c7134d8501db45d5785d5b2f5c11f48c884	—	2026-03-30
FileHash-SHA1	4592e6173a643699dc526778aa0a30330d16fe08	—	2026-03-30
FileHash-SHA1	65e8cadb4901556ff9da328d158bc02fa37faf27	—	2026-03-30
FileHash-SHA1	7bc3bafa39f61969a577f54bff28c0d1eff75d5c	—	2026-03-30
FileHash-SHA1	7c78c531b059ec7fd83320d2d3ae01e21b1c40e8	—	2026-03-30
FileHash-SHA1	850cc399a70713aecf22324f006eefc3a03bc946	—	2026-03-30
FileHash-SHA1	858e841b91f16d3567b133b3c90d01e0499d5169	—	2026-03-30
FileHash-SHA1	8913090d7329c09b096625e9d57edf6c5d00978e	—	2026-03-30
FileHash-SHA1	8e5c60c4355b03cfdbb55276f84e31451ae8db80	—	2026-03-30
FileHash-SHA1	a45ab1a9dec488278ee9682735d42d61dfc38b9e	—	2026-03-30
FileHash-SHA1	a91d5a019e99aa5f420940ba2e2669d4bd9a881b	—	2026-03-30
FileHash-SHA1	c4799d17a4343bd353e0edb0a4de248b99295d4d	—	2026-03-30
FileHash-SHA1	c8c84bf33c05fb3a69bc5e2d6377b73649b93dce	—	2026-03-30
FileHash-SHA1	cea7e9323d79054f92634f4032c26d30c1cedd7e	—	2026-03-30
FileHash-SHA1	d577c4a264fee27084ddf717441eb89f714972a5	—	2026-03-30
FileHash-SHA1	d788d85335e20bb1f173d4d0494629d36083dddc	—	2026-03-30
FileHash-SHA1	da1c3e92f69e6ca0e4f4823525905cb6969a44ad	—	2026-03-30
FileHash-SHA1	dc33f3136363a0a18b89522afec4949c23143aff	—	2026-03-30
FileHash-SHA1	e3c12aa91067098035feb3caf3011ef954f75777	—	2026-03-30
FileHash-SHA1	e52a9f004f4359ea0f8f9c6eb91731ed78e5c4d3	—	2026-03-30
FileHash-SHA1	e55cacbbff9ad573cbaddf8a59bac187bf8c78f3	—	2026-03-30
FileHash-SHA1	f2f66f4c96f93f17b588736455e9b279c44b6049	—	2026-03-30
FileHash-SHA256	003cd35535ab9350a407a7dcd016c305fb8dbac03d41d5b7d3917c804b66dd2a	—	2026-03-30
FileHash-SHA256	0148c79cdfb21d87731f8e45d38c27242863ec4ea9621c59e537f59ed501c119	—	2026-03-30
FileHash-SHA256	0366b9bc02b00fda8ea28929b7159a038a43da0aa0299b8279bffc2d7e73892a	—	2026-03-30
FileHash-SHA256	0ab301b3e43ac2394ec25c5d1caf79aa0785a2eaca801b0b1b6d4621f5e8c736	—	2026-03-30
FileHash-SHA256	0bb0d54033767f081cae775e3cf9ede7ae6bea75f35fbfb748ccba9325e28e5e	—	2026-03-30
FileHash-SHA256	0db5bd9cb832618c60e0f3c0dfad719403473b85a82253dc0f6a8391800c0d0b	—	2026-03-30
FileHash-SHA256	144bddb48890fa680dfd226e36c0ef2c6d6f98a365aea48399edd0d0388711a1	—	2026-03-30
FileHash-SHA256	14acfaca5fc59d5ee9592399e51636ec47fbea36623555635a1361fcd2f50dfa	—	2026-03-30
FileHash-SHA256	1565934e529b5a9b6af7e60800a91f7ac3a6ec2e24b4f6df0f808d253b45cf42	—	2026-03-30
FileHash-SHA256	15b99e8b30ce0b57fe030243aa795b74b0d7dcd773f28f677f629f132bce1ff8	—	2026-03-30
FileHash-SHA256	18f9c08e60bb88891f5bb5dd133ae804703c0797bebdde397c01513a67b86a1e	—	2026-03-30
FileHash-SHA256	1d27a5ca6703f6e757d30adc8d4d703c2e99316d1eaaaf5c68635c47e8e0396e	—	2026-03-30
FileHash-SHA256	1ed863a32372160b3a25549aad25d48d5352d9b4f58d4339408c4eea69807f50	—	2026-03-30
FileHash-SHA256	2822c72a59b58c00fc088aa551cdeeb92ca10fd23e23745610ff207f53118db9	—	2026-03-30
FileHash-SHA256	36f5e04213d446c4208864f32a6af18d5184bbbb628808ef0a876ea6c31ea0b3	—	2026-03-30
FileHash-SHA256	3b411e9f282ba97feb56cb5a8bf3e9a1d1e9a5f8406e72213dfb140166a54012	—	2026-03-30
FileHash-SHA256	3cb09154a839a5de6e8ef4a04a933b7362afb56cdc4e91368b237e9bcb1cd7b9	—	2026-03-30
FileHash-SHA256	3f446d316efe2514efd70c975d0c87e12357db9fca54a25834d60b28192c6a69	—	2026-03-30
FileHash-SHA256	40c2e559992a7f595c593b419930a3f216516c3042ad86fb985348d53b6e01b9	—	2026-03-30
FileHash-SHA256	4f6aa45f2ead7ddb6a81f4a2b9745f8ec117d96971d4d80bb06f3ec3db5951da	—	2026-03-30
FileHash-SHA256	52b6fb40e7efb09c2bebe8550178e7e30009600bdedd1acae085d753761b7598	—	2026-03-30
FileHash-SHA256	57357655a62e3a8b1f4b78e1d3ed7e0f6d59a9bac213087294f91bb7847b2a8f	—	2026-03-30
FileHash-SHA256	5a17cfaea0cc3a82242fdd11b53140c0b56256d769b07c33757d61e0a0a6ec02	—	2026-03-30
FileHash-SHA256	5a88a15a1d764e635462f78a0cd958b17e6d22c716740febc114a408eef66705	—	2026-03-30
FileHash-SHA256	5c2a2c49e200a2d048f477440da75ff4a99c676943f6f7cac1ce70190520f998	—	2026-03-30
FileHash-SHA256	5f397327aeb20718e364bef61e8bad507772708a7d1bf55d8b845170c69f3de0	—	2026-03-30
FileHash-SHA256	64f2d135603220b47dd430be5e059dcedd80ad2bc3c17500816ec5d07e39d3d1	—	2026-03-30
FileHash-SHA256	71ef7438d785f3102735ed9d9233ac366507c82fc4fac4de88f687a105c84df6	—	2026-03-30
FileHash-SHA256	7ccf7e8050c66eed69f35159042d8043032f8afe48ae1f51fce75ce2c51395f2	—	2026-03-30
FileHash-SHA256	8438a4cd675c81cefd6a8d96b9e48b2730cc9086b4c531883f966a8818cccbef	—	2026-03-30
FileHash-SHA256	84464879c2ced71ff6a30277252af70a20e18c563b8e45f4a92e004f41fe3e01	—	2026-03-30
FileHash-SHA256	8858ee314c4db60a3f097ede38cbe64ce4e4b1e67041bad1e0580953011dfec1	—	2026-03-30
FileHash-SHA256	8c1dc9732884c6078b23953b78314a8d0d8b8d9fe42e5f97a7cd09b8ace943a9	—	2026-03-30
FileHash-SHA256	8d09eb897f2bc98035ef88152e2b5d571a7b61878dd12b451e0437089487a417	—	2026-03-30
FileHash-SHA256	8f4bca3c62268fff0458322d111a511e0bcfba255d5ab78c45973bd293379901	—	2026-03-30
FileHash-SHA256	92697d518e72a30800e96b63cf875573bd536c9b993d22014238f6a9f0e19e0f	—	2026-03-30
FileHash-SHA256	92a56faf6eccfad8281213393fad584cbd7b9e04db875dfb8fc01e1dbf4cbdd1	—	2026-03-30
FileHash-SHA256	948f109756cba0b01f11fd3db9c47a76125c4b1d9467ff1bd9c5013d214c933f	—	2026-03-30
FileHash-SHA256	968756e62052f9af80934b599994addbab29f8dc2615c47cda512bae48771019	—	2026-03-30
FileHash-SHA256	969d2776df0674a1cca0f74c2fccbc43802b4f2b62ecccecc26ed538e9565eae	—	2026-03-30
FileHash-SHA256	970e68e8b68e0c5f3f18cd55e0c82304e81547f8ebf349390db1c8a0681699fa	—	2026-03-30
FileHash-SHA256	9aa8b46d62eb426842b8ff0fc28e64719494f0f64d516253caa71a6fd86e9ad3	—	2026-03-30
FileHash-SHA256	9dad95985eea3b299c387e663a6edfbbf057cc634f2ca99c410238480bcd4e17	—	2026-03-30
FileHash-SHA256	9f4672c1374034ac4556264f0d4bf96ee242c0b5a9edaa4715b5e61fe8d55cc8	—	2026-03-30
FileHash-SHA256	a1b86c8957f460b78d906e1bdede829c4f3b5500d6449e8eba3ae5c302be2b86	—	2026-03-30
FileHash-SHA256	a848d48c79b77753a876d876baa3e802a5a37be37e7a772ddbd9a266cd1796ac	—	2026-03-30
FileHash-SHA256	a876f648991711e44a8dcf888a271880c6c930e5138f284cd6ca6128eca56ba1	—	2026-03-30
FileHash-SHA256	a95ee15e8ccf84521df2c80b1525fd89e205fc0280c3f6cbc24751080ea29206	—	2026-03-30
FileHash-SHA256	b2ba51b4491da8604ff9410d6e004971e3cd9a321390d0258e294ac42010b546	—	2026-03-30
FileHash-SHA256	b7342b03d7642c894ebad639b9b53fd851d7958298f454283c18748051946585	—	2026-03-30
FileHash-SHA256	ba01a2355414dfedda9ac5ce0d7a2d8edfb89ec3ae3e68fc81db035caa741854	—	2026-03-30
FileHash-SHA256	baad1153e58c86aa1dc9346cdd06be53b5dd2a6cf76202536d6721c934008f8e	—	2026-03-30
FileHash-SHA256	bb309ed228f97f3cf864ea89fa502f43214af4fb4b98d78837e42c4a4940b5f9	—	2026-03-30
FileHash-SHA256	bbfd93dbf43236b7f64017ad20f72dd611de1acb4b15e02569e42887467b34d4	—	2026-03-30
FileHash-SHA256	be859b4f4576ec09b69a2ef2d119939f7eb31de121aa01d38e1f0b2290f5a15e	—	2026-03-30
FileHash-SHA256	c4389cc34b672c4f885547f413bf38575e6ee2b23a0ddfdd306a69c1775db6fc	—	2026-03-30
FileHash-SHA256	c87be2f30cc974d0859526b9dd104e015f0e5d04bc43198305537f276705691e	—	2026-03-30
FileHash-SHA256	c91183175ce77360006f964841eb4048cf37cb82103f2573e262927be4c7607f	—	2026-03-30
FileHash-SHA256	cbea5c7d71a5a6cb9153b00d2d27e6a3579004c27f5e817f317eeebdce7f805f	—	2026-03-30
FileHash-SHA256	ce2c475461d57f222a6aa22f49420f804a43c2eb29abf8553457a7d30f7cb024	—	2026-03-30
FileHash-SHA256	d213b5079462e737eb940ac46c59e386eb6ca7f8decc95a594b3d8f3b6940010	—	2026-03-30
FileHash-SHA256	d6b75d496e28692dd02c6336ac5c5a42ac88da7ad315d3e508963cf8d46926b3	—	2026-03-30
FileHash-SHA256	d944abab1481457eacf9f1d08f835980c2146ec91513e2eb94714c6abaec5f34	—	2026-03-30
FileHash-SHA256	dbf33417e40f0fe8078a11d81f7d323bfed1912f5cb62d765c1be72561474659	—	2026-03-30
FileHash-SHA256	de2b24d08e795ad9cdd1b74882a3626febefadafaf8ff0ae76cba16dcaa0f8bc	—	2026-03-30
FileHash-SHA256	e3f9519a21a16ff2c8f989034e47fbc91a2d019e09a1d7d17ff751e52a09d15b	—	2026-03-30
FileHash-SHA256	e792adf4dff54faca5b9f5b32c1a2df3a6a955e722f1be8df2451c03ed940e41	—	2026-03-30
FileHash-SHA256	e8889528e2114a700438f73da09449cfdde655a29da6794d0449b5e8aa4dbf2a	—	2026-03-30
FileHash-SHA256	ea4679d1c05bef0c38b4d910a87f79070ca2e661779a255f523d57ef1921a1c7	—	2026-03-30
FileHash-SHA256	eb187ff574ab25dffa12dd05ff5f9716f4fc489e2de457c4a50aa0d3cb0f1479	—	2026-03-30
FileHash-SHA256	eec4122a1262579806888d8a6a215b333d5e4eec600b5caba91e187b7b468e22	—	2026-03-30
FileHash-SHA256	f0d443055143cbd6bce8ef96b52d430e2db321b37b8b93a2a9d0354651702790	—	2026-03-30
FileHash-SHA256	f7bda19543074c788c321aed42d955b4d50b7b0a2c3ca83b7f45b5e8b9a10491	—	2026-03-30
FileHash-SHA256	fd3f13db41cd5b442fa26ba8bc0e9703ed243b3516374e3ef89be71cbf07436b	—	2026-03-30
FileHash-SHA256	ff310202cbff28b47f03b4b0129a5b925a4b7b065af002072a3796920720c34e	—	2026-03-30
FileHash-SHA256	ffca9d56feb5ec8844b42f513cecd67a554a2ddb3408dbc6942e2fd60453aee1	—	2026-03-30
IPv4	193.187.148.169	—	2026-03-30
IPv4	23.227.202.14	—	2026-03-30
IPv4	72.62.185.31	—	2026-03-30
domain	freefoodaid.com	—	2026-03-30
domain	longsauce.com	—	2026-03-30
domain	wellnessmedcare.org	—	2026-03-30
email	a.matti444@proton.me	—	2026-03-30
email	dubravka.jovanovic2024@proton.me	—	2026-03-30
email	teoabarquero@tutamail.com	—	2026-03-30
email	uffetroelsen@atomicmail.io	—	2026-03-30
hostname	910cf351-a05d-4f67-ab8e-6f62cfa8e26d.dnshook.site	—	2026-03-30
hostname	dbca10b5-63e0-42ec-ad10-de13be96dc42.dnshook.site	—	2026-03-30
hostname	egest.filen-1.net	—	2026-03-30
hostname	egest.filen-2.net	—	2026-03-30
hostname	egest.filen-3.net	—	2026-03-30
hostname	egest.filen-4.net	—	2026-03-30
hostname	egest.filen-5.net	—	2026-03-30
hostname	egest.filen-6.net	—	2026-03-30
hostname	egest.filen.net	—	2026-03-30
hostname	gateway.filen-2.net	—	2026-03-30
hostname	gateway.filen-3.net	—	2026-03-30
hostname	gateway.filen-4.net	—	2026-03-30
hostname	gateway.filen-5.net	—	2026-03-30
hostname	ingest.filen-1.net	—	2026-03-30
hostname	ingest.filen-2.net	—	2026-03-30
hostname	ingest.filen-3.net	—	2026-03-30
hostname	ingest.filen-4.net	—	2026-03-30
hostname	ingest.filen-5.net	—	2026-03-30
hostname	ingest.filen-6.net	—	2026-03-30
hostname	ingest.filen.net	—	2026-03-30

References (2)

↗ https://www.trendmicro.com/en_us/research/26/c/pawn-storm-targets-govt-infra.html ↗ https://documents.trendmicro.com/assets/txt/Pawn%20Storm%20Deploys%20PRISMA%20IOCs-xQ48S7H.txt