Unraveling SloppyLemming’s operations across South Asia
Common Information
Type Value
UUID 94cdb3ae-2847-4010-b541-aa0179a0caee
Fingerprint f0b30f1d0e9eb6a8
Analysis status DONE
Considered CTI value 1
Text language
Published Sept. 3, 2024, midnight
Added to db Oct. 1, 2024, 12:57 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Home
Title Unraveling SloppyLemming’s operations across South Asia
Detected Hints/Tags/Attributes 132/4/176
Attributes
Details Type #Events CTI Value
Details CVE 133
cve-2023-38831