{ "type": "URL", "indicator": "https://mofa-gov-bd.snagdrive.com/a18939fc/adobe-reader", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://mofa-gov-bd.snagdrive.com/a18939fc/adobe-reader", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4142327703, "indicator": "https://mofa-gov-bd.snagdrive.com/a18939fc/adobe-reader", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "690b3e15fa1f58b81bdfb81d", "name": "EbeeNov2025 Pt1", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2025-12-05T12:04:04.227000", "created": "2025-11-05T12:07:49.857000", "tags": [], "references": [ "Nov.Week1.pdf" ], "public": 1, "adversary": "Cl0p ransomware, \u2022 Silent Lynx, \u2022Tor-Backed \u2022PDFClick \u2022DesertDexter", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 49, "FileHash-MD5": 152, "FileHash-SHA1": 99, "FileHash-SHA256": 186, "domain": 28, "email": 9, "hostname": 21 }, "indicator_count": 544, "is_author": false, "is_subscribing": null, "subscriber_count": 42, "modified_text": "179 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "690834dc51f5a2bada1f4d4e", "name": "SideWinder's Shifting Sands: Click Once for Espionage", "description": "", "modified": "2025-11-03T04:51:40.273000", "created": "2025-11-03T04:51:40.273000", "tags": [ "integrated hajj", "medical team", "microsoft word", "weapons", "officers", "hajj", "joint", "appointment as", "coordinator to", "the prime" ], "references": [ "https://www.trellix.com/blogs/research/sidewinders-shifting-sands-click-once-for-espionage/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "690187b7cb15dd83e5b696e0", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 42, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 53, "domain": 2, "email": 9, "hostname": 15 }, "indicator_count": 123, "is_author": false, "is_subscribing": null, "subscriber_count": 278, "modified_text": "212 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "690187b7cb15dd83e5b696e0", "name": "IOC - SideWinder's Shifting Sands: Click Once for Espionage", "description": "In September 2025, the Trellix Advanced Research Center (ARC) detected a campaign targeting a European embassy located in New Delhi, India. Further investigation led to the discovery of multiple targeted institutions from various countries, including Sri Lanka, Pakistan, and Bangladesh.\n\nThis report examines the tactics, techniques, and procedures (TTPs) employed by SideWinder, an advanced persistent threat (APT) group notorious for its espionage activities in Asia. Our investigation reveals a notable evolution in SideWinder's TTPs, particularly the adoption of a novel PDF and ClickOnce-based infection chain, in addition to their previously documented Microsoft Word exploit vectors. This shift highlights the group's ongoing adaptation to circumvent conventional security measures and achieve its objectives.", "modified": "2025-10-29T03:19:19.082000", "created": "2025-10-29T03:19:19.082000", "tags": [ "integrated hajj", "medical team", "microsoft word", "weapons", "officers", "hajj", "joint", "appointment as", "coordinator to", "the prime" ], "references": [ "https://www.trellix.com/blogs/research/sidewinders-shifting-sands-click-once-for-espionage/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "celestre", "id": "295357", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 42, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 53, "domain": 2, "email": 9, "hostname": 15 }, "indicator_count": 123, "is_author": false, "is_subscribing": null, "subscriber_count": 140, "modified_text": "217 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.trellix.com/blogs/research/sidewinders-shifting-sands-click-once-for-espionage/", "Nov.Week1.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "Cl0p ransomware, \u2022 Silent Lynx, \u2022Tor-Backed \u2022PDFClick \u2022DesertDexter" ], "malware_families": [], "industries": [], "unique_indicators": 761 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/snagdrive.com", "whois": "http://whois.domaintools.com/snagdrive.com", "domain": "snagdrive.com", "hostname": "mofa-gov-bd.snagdrive.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "690b3e15fa1f58b81bdfb81d", "name": "EbeeNov2025 Pt1", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2025-12-05T12:04:04.227000", "created": "2025-11-05T12:07:49.857000", "tags": [], "references": [ "Nov.Week1.pdf" ], "public": 1, "adversary": "Cl0p ransomware, \u2022 Silent Lynx, \u2022Tor-Backed \u2022PDFClick \u2022DesertDexter", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 49, "FileHash-MD5": 152, "FileHash-SHA1": 99, "FileHash-SHA256": 186, "domain": 28, "email": 9, "hostname": 21 }, "indicator_count": 544, "is_author": false, "is_subscribing": null, "subscriber_count": 42, "modified_text": "179 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "690834dc51f5a2bada1f4d4e", "name": "SideWinder's Shifting Sands: Click Once for Espionage", "description": "", "modified": "2025-11-03T04:51:40.273000", "created": "2025-11-03T04:51:40.273000", "tags": [ "integrated hajj", "medical team", "microsoft word", "weapons", "officers", "hajj", "joint", "appointment as", "coordinator to", "the prime" ], "references": [ "https://www.trellix.com/blogs/research/sidewinders-shifting-sands-click-once-for-espionage/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "690187b7cb15dd83e5b696e0", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 42, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 53, "domain": 2, "email": 9, "hostname": 15 }, "indicator_count": 123, "is_author": false, "is_subscribing": null, "subscriber_count": 278, "modified_text": "212 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "690187b7cb15dd83e5b696e0", "name": "IOC - SideWinder's Shifting Sands: Click Once for Espionage", "description": "In September 2025, the Trellix Advanced Research Center (ARC) detected a campaign targeting a European embassy located in New Delhi, India. Further investigation led to the discovery of multiple targeted institutions from various countries, including Sri Lanka, Pakistan, and Bangladesh.\n\nThis report examines the tactics, techniques, and procedures (TTPs) employed by SideWinder, an advanced persistent threat (APT) group notorious for its espionage activities in Asia. Our investigation reveals a notable evolution in SideWinder's TTPs, particularly the adoption of a novel PDF and ClickOnce-based infection chain, in addition to their previously documented Microsoft Word exploit vectors. This shift highlights the group's ongoing adaptation to circumvent conventional security measures and achieve its objectives.", "modified": "2025-10-29T03:19:19.082000", "created": "2025-10-29T03:19:19.082000", "tags": [ "integrated hajj", "medical team", "microsoft word", "weapons", "officers", "hajj", "joint", "appointment as", "coordinator to", "the prime" ], "references": [ "https://www.trellix.com/blogs/research/sidewinders-shifting-sands-click-once-for-espionage/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "celestre", "id": "295357", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 42, "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 53, "domain": 2, "email": 9, "hostname": 15 }, "indicator_count": 123, "is_author": false, "is_subscribing": null, "subscriber_count": 140, "modified_text": "217 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://mofa-gov-bd.snagdrive.com/a18939fc/adobe-reader", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://mofa-gov-bd.snagdrive.com/a18939fc/adobe-reader", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780467417.2262104 }