Renewed SideWinder Activity in South Asia
Common Information
Type Value
UUID bc590369-f03d-44da-8c0c-d2228a76bd36
Fingerprint 9f218dd1a2038701
Analysis status DONE
Considered CTI value 2
Text language
Published March 8, 2021, 11:40 a.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Oct. 17, 2024, 1:47 p.m.
Headline UNKNOWN
Title Renewed SideWinder Activity in South Asia
Detected Hints/Tags/Attributes 76/3/24
Attributes
Details Type #Events CTI Value
Details File 3
loginvault.db
Details IPv4 2
45.153.240.66
Details Threat Actor Identifier - APT-C 17
APT-C-17