2/ The analysis of web page shows the username and password being exfiltrated to same domain on URI "/sumit" Similarly, the IP Address and Browser Details of user visiting the webpage is also captured.

Hunt.io 4/ Similarly, by analyzing the domain over VirusTotal, we have found another subdomain targeting #Pakistan Ministry of Foreign Affairs (#MOFA). mail[.]mofa[.]gov[.]pk[.]officemuwork[.]online #APT #Sidewinder

Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem cloud.google.com/blog/topics/th…

Threat Alert: #SideCopy — New DLL Sample Observed C2: wmiprovider[.]com ThreatBook Intelligence: na2.hubs.ly/H026LQb0

#APT36 #SideCopy #Phishing #APT [1/3] 20250731-Deferment-of-implementation-of-Rule-9-of-LPS-Rule_434_785.zip 99b2235101a9a1eb922527b1a31e9b51 737cbe4cef2f2a178b9f91d2104f7dd3 be263bee537ab60901fa1436c91ce32e ZipModifyDate 2025:09:25 #CurlBackRAT #C2 microsoft.windowsdns[.]com

Sidewinder confi report.docx faa78461d2f37809b482af4527960ada C2 mopa-gov-bd[.]snagdrive[.]org #Sidewinder #APT #IOC

If you missed HEXACON 2025 or want to rewatch some of the talks, they’re now available on our YouTube channel 📽️ Enjoy the content, and see you in 2026! youtube.com/playlist?list=…

#APT #Sidewinder Targets #Bangladesh Ministry of Home Affairs A new #exfiltration server has been observed by Hunt.io --> drive-mha-gov-bd-files-acctn-doct[.]netlify[.]app Exfil to: https://pdfofficialdocument[.]com/cvbnhmj7[.]php Mikhail Kasimov Shadow Chaser Group MalwareHunterTeam

Lure: Letter for Security_Algeria Ambassador visit to CoxsBazar.pdf The script blocks common browser shortcuts (F12, Ctrl+Shift+I/J, Ctrl+U, Ctrl+S) and right-click to prevent access to developer tools, page source, and saving. #sidewinder #apt

2025 북한인권 청년 아카데미 강의 주제.pdf.lnk 4f2617a971b9c78c8b215d6cb65525ff56f0633a3bcd381695a19efe08156a04 jlrandsons.co[.]uk/wp-admin/maint/plugin/decrease/? #APT #DPRK

#APT #Patchwork Suspected_Internal_Fraud.lnk 82adec72e5647afee39412bfbcbed71f libvlc.dll e66944963117f588d929c31801df06aa cabinetdivisionpakgov[.]org xydizainten[.]org

#APT #Patchwork trojan #StreamSpy has some connections with #Spyder variant, and shares digital signature with malware related to #Donot. Report: mp.weixin.qq.com/s/nTfpQW8QDE2G…

#APT #Bitter a) VBA in .xlam -> scheduled task b) Decoy PDF downloads .accdr file -> VBA in .accdr -> scheduled task 810720dba4f96646a0b4760564e42089 e7d202c5b960b158eaf2d6d0cf508108 ebe92f3c8a44d56ddf7f25f689003aa5 andrewswebstorage[.]com sanolegazy[.]com

Suspicious Samples d978d61b734548d1d7563c10ea6231d2 89565254.pdf.lnk hxxp://104.208.90.240/n2 The IP was previously labeled Havoc 8b546949ed2caf328c5c03a178a4c1c0 Payload detected as GoShellcodeLoader The cmd included in the LNK file makes it look like Patchwork, but it's not

2025-National-Security-Strategy of the United States of America.pdf b16fb6c2d492c7ae0f909dd7ed1b2b53e291710710b52f7b7333b546f5f00067 #APT #Kimsuky #DPRK

#APT #Sidewinder Brief National Initiative for New Provinces.docx 8c3cc8db8a223f09b35ae1673c693803 www-communications-gov-pk.fetchdrive[.]org 5.230.78[.]123 fetchdrive[.]org commerce-gov-pk.fetchdrive[.]org mofa-gov-bd.fetchdrive[.]org portmin-gov-lk.fetchdrive[.]org

"Eligibility_Criteria.pdf.msc", seen from Pakistan: 5dc5de87fb868fb06e107a7695d7f002dfd31c51b9ef7e237c35973ce4716608 Next stage (looks geolocked): https://fgeha-gov-pk.pages[.]dev/hnseb3229nbhs.html 🤷‍♂️

2026년 상반기 국내대학원 석사야간과정 위탁교육생 선발관련 서류 (1).hwpx.jse a2269df8913ae0ebc6396cccb6a83a0bff5fcfae02bc938ef86f148f3809c50e #APT #Suspicious

#APT #Sidewinder Targets Special Communication Organization (#SCO) of #Pakistan Link: https://mail-sco-gov-pk[.]netlify[.]app/sessionexpire.html Exfil to: https://usermail-output-panel[.]000webhostapp[.]com/SCO/action.php Mikhail Kasimov Shadow Chaser Group MalwareHunterTeam

#APT #Donot #IoC 16d052240b3dd9fb76045a6254d2b691 bb46e49af67aedbd47fdbc7232bac2b5 hxxps://notedupdatez[.]info/ZxStpliGBsfdutMawer/sIOklbgrTYULKcsdGBZxsfetmw hxxps://notedupdatez[.]info/ZxStpliGBsfdutMawer/lkhgBrPUyXbgIlErAStyilzsh/N1/SA