# Copyright (c) 2014-2024 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: apt-04, apt-c-24, apt-q-39, ta399, sloppylemming # Reference: https://twitter.com/Sebdraven/status/1052864520522223616 # Reference: https://medium.com/@Sebdraven/apt-sidewinder-changes-theirs-ttps-to-install-their-backdoor-f92604a2739 # Reference: https://www.virustotal.com/#/ip-address/185.106.120.43 heartissuehigh.win webserv-redir.net # Reference: https://twitter.com/Sebdraven/status/1140597344720830471 # Reference: https://app.any.run/tasks/d7ce191d-c04f-4eff-a13c-02cbe746c256/ # Reference: https://www.virustotal.com/gui/domain/cdn-dl.cn/relations # Reference: https://pastebin.com/rccqdjNB cdn-dl.cn bd-gov.cdn-dl.cn bdgov-mopa.cdn-dl.cn biaa-org-bd.cdn-dl.cn biaa-org.cdn-dl.cn gov-cn.cdn-dl.cn gov-pk.cdn-dl.cn hostmaster.cdn-dl.cn info-account.cdn-dl.cn ministry-gov.cdn-dl.cn ministry-interior-gov-pk.cdn-dl.cn mod-gov.cdn-dl.cn moe-gov.cdn-dl.cn moi-nadra.cdn-dl.cn mopa-bd.cdn-dl.cn mopa-bdgov.cdn-dl.cn mopa-govbd.cdn-dl.cn nadra-interior.cdn-dl.cn nadra-moi.cdn-dl.cn narda-moi.cdn-dl.cn neteease.cdn-dl.cn newmake.pw serve-dropbx-ap-east1.cdn-dl.cn suodeshui.cdn-dl.cn tiexue.cdn-dl.cn # Reference: https://twitter.com/Timele9527/status/1147750939576586244 http://167.86.116.39 # Reference: https://twitter.com/Timele9527/status/1147750939576586244 vidyasagaracademybrg.in/scripts/lnk/ vidyasagaracademybrg.in/scripts/am/ # Reference: https://twitter.com/Timele9527/status/1150597482310619136 # Reference: https://app.any.run/tasks/e15e1cd1-0c38-41b9-aa1e-a29562f17b3d/ # Reference: https://www.freebuf.com/articles/network/196788.html (Chinese) ap12.ms-update-server.net cdn-do.net cdn-edge.net cdn-list.net fb-dn.net google.com.d-dns.co msftupdate.srv-cdn.com nadra.gov.pk.d-dns.co pmo.cdn-load.net s2.cdn-edge.net s12.cdn-apn.net trans-pre.net webserv-redir.net # Reference: https://twitter.com/blackorbird/status/1160734383864610816 trans-can.net # Reference: https://mp.weixin.qq.com/s/pJ-rnzB7VMZ0feM2X0ZrHA cdn-ps.net # Reference: https://twitter.com/blackorbird/status/1189116884626493440 paknavy.gov.pk.ap1-port.net # Reference: https://twitter.com/Timele9527/status/1195272502135549953 # Reference: https://www.virustotal.com/gui/domain/reawk.net/details reawk.net # Reference: https://twitter.com/ccxsaber/status/1195281985335201794 sd1-bin.net # Reference: https://twitter.com/0xCARNAGE/status/1203882560176218113 # Reference: https://app.any.run/tasks/3abfc241-3ab0-4016-acbb-040b44199d52/ 185.225.17.239:443 # Reference: https://twitter.com/RedDrip7/status/1206898954383740929 ap1-acl.net # Reference: https://twitter.com/Timele9527/status/1211852764688478216 # Reference: https://app.any.run/tasks/c8469e19-96a0-4f2f-9765-72acf72dee05/ fincruitconsulting.in # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/ # Reference: https://otx.alienvault.com/pulse/5e133ac9f5eaf331885e74b4 aws-check.net deb-cn.net ms-db.net ms-ethics.net # Reference: https://github.com/blackorbird/APT_REPORT/tree/master/sidewinder gov-pk.org # Reference: https://mp.weixin.qq.com/s/L3dVwbkfTABtE4ZYtv5r4w # Reference: https://otx.alienvault.com/pulse/5e206d8b77de0b2690b9946c 110.10.176.193:4443 # Reference: https://twitter.com/Timele9527/status/1247325070520750080 # Reference: https://twitter.com/Timele9527/status/1247327952238284800 # Reference: https://twitter.com/Timele9527/status/1247376905956765697 ap-ms.net d01fa.net fdn-en.net nrots.net # Reference: https://twitter.com/ShadowChasing1/status/1252547080070914048 link-cdnl.net # Reference: https://twitter.com/ccxsaber/status/1260775018306236416 au-edu.km01s.net # Reference: https://twitter.com/Arkbird_SOLG/status/1260727623539404800 kat0x.net # Reference: https://twitter.com/ShadowChasing1/status/1268214042637684738 # Reference: https://www.virustotal.com/gui/domain/chrom3.net/relations chrom3.net r0dps.net # Reference: https://twitter.com/ccxsaber/status/1281413683013287936 gov-mil.cn # Reference: https://twitter.com/ShadowChasing1/status/1284319235481538565 cdn-m1l.net tar-gz.net # Reference: https://twitter.com/cyber__sloth/status/1293183011916193793 # Reference: https://twitter.com/cyber__sloth/status/1293187616897028098 # Reference: https://twitter.com/Arkbird_SOLG/status/1293221669134372865 # Reference: https://app.any.run/tasks/e3501b33-28a2-4b7c-bc79-d20891c4832e/ http://111.229.73.84 202.58.104.100:81 # Reference: https://twitter.com/ShadowChasing1/status/1296710024643796992 # Reference: https://www.virustotal.com/gui/file/a89189f1c7c101c8d9c2637e571c4f8546df3ea557a576090cde7b75009981a9/detection fqn-cloud.net # Reference: https://twitter.com/ShadowChasing1/status/1297902086747598852 asw-edu.net filesrvr.net # Reference: https://twitter.com/cyber__sloth/status/1298187291295461376 # Reference: https://www.virustotal.com/gui/ip-address/185.141.25.136/relations mil-pk.net # Reference: https://twitter.com/ShadowChasing1/status/1308620752703299585 aws-pk.net cdn-aws-s2.net # Reference: https://twitter.com/ShadowChasing1/status/1316680709478604800 # Reference: https://twitter.com/mg2_tracy1/status/1316688407280586752 # Reference: https://www.virustotal.com/gui/file/280fb291d49f277067667838cdf30a940eaed9ed7712448158ea29e1ce6af86f/detection cdn-sop.net # Reference: https://twitter.com/ShadowChasing1/status/1324349418162720769 # Reference: https://twitter.com/ShadowChasing1/status/1324349684664528897 # Reference: https://www.virustotal.com/gui/domain/gov-pok.net/detection gov-pok.net # Reference: https://twitter.com/RedDrip7/status/1328639418110865409 # Reference: https://www.virustotal.com/gui/file/1cbec920afe2f978b8f84e0a4e6b757d400aeb96e8c0a221130060b196ece010/detection cdn-edu.net brep.cdn-edu.net # Reference: https://twitter.com/mg2_tracy1/status/1331153718931177473 # Reference: https://www.virustotal.com/gui/file/7238f4e5edbe0e5a2242d8780fb58c47e7d32bf2c4f860c88c511c30675d0857/detection ms-trace.net # Reference: https://www.trendmicro.com/en_us/research/20/l/sidewinder-leverages-south-asian-territorial-issues-for-spear-ph.html # Reference: https://www.virustotal.com/gui/ip-address/185.225.19.46/relations # Reference: https://otx.alienvault.com/pulse/5fd10760f9afb730d37c4742 185.225.19.46:4589 185.225.19.46:4875 gov-af.org gov-np.org aop.gov-af.org arg.gov-af.org imail.aop.gov-af.org mail-apfgavnp.hopto.org mail-apfgovnp.ddns.net mail-kmgcom.ddns.net mail-mfagovcn.hopto.org mail-mofagovnp.hopto.org mail-mofagovnp.zapto.org mail-mofgovnp.hopto.org mail-ncporgnp.hopto.org mail-nepalarmymilnp.duckdns.org mail-nepalgovnp.duckdns.org mail-nepalgovnp.zapto.org mail-nepalpolicegov.hopto.org mail-nepalpolicegovnp.duckdns.org mail-nrborg.hopto.org mail-nscaf.myftp.org mail-nscgovaf.hopto.org mail-ntcnetnp.serveftp.com mail.arg.gov-af.org techfriend.hopto.org # Reference: https://www.virustotal.com/gui/ip-address/83.171.236.49/relations mail-mofa.myftp.org mail-mohs.myftp.org microsoftfp.hopto.org nitcgov-np.hopto.org # Reference: https://twitter.com/BaoshengbinCumt/status/1342297125141454848 # Reference: https://www.virustotal.com/gui/file/c59c6c18f529c88cf352883b23af36f829b8ae1d17daa0762f028184cba7199b/detection cdn-re.net # Reference: https://twitter.com/ShadowChasing1/status/1345559958796914694 gov-mail.net # Reference: https://twitter.com/cyber__sloth/status/1346100925199478784 gov-af.net gov-crt.net gov-nadra.net gov-pbs.net gov-pmo.net # Reference: https://www.virustotal.com/gui/domain/gov-cn.net/relations gov-cn.net # Reference: https://www.virustotal.com/gui/domain/gov-cnn.net/relations gov-cnn.net # Reference: https://www.virustotal.com/gui/domain/paknavy-gov.net/detection paknavy-gov.net # Reference: https://www.virustotal.com/gui/file/4b5e0ad20a8d143567cc424edf2010146e24a0b729de7ca0f66292141d363e57/detection cdn-aws.net cdn-src.net # Reference: https://twitter.com/BaoshengbinCumt/status/1354270351702691843 del-ivery.net trans-aws.net # Reference: https://twitter.com/jfslowik/status/1362782587345727492 cdn-secure.net # Reference: https://twitter.com/h2jazi/status/1363683531067715584 # Reference: http://hackdig.com/02/hack-280699.htm # Reference: https://app.any.run/tasks/b88e935c-b17a-4429-acdc-65156804ad1c/ # Reference: https://otx.alienvault.com/pulse/6033e84e6fb8fc369323e8e3/ 151.236.11.147:57670 alsalaf.info gov-pk.info govt-pk.org gov-pak.org pk-gov.org attachments.gov-pk.info nhsrcgovpk.servehttp.com contact.gov-pak.org onedrives.pk-gov.org support.govt-pk.org support.gov-pak.org support-gov.myftp.org # Reference: https://twitter.com/DeadlyLynn/status/1367746507974270981 # Reference: https://www.virustotal.com/gui/file/bb58796f79a913a985eb41f0d12446e7ae8fe99fd3f0d432d77d8d82f202bf5f/detection cdn-pak.net fqn-mil.net mailmofagovpk.cdn-pak.net # Reference: https://twitter.com/BaoshengbinCumt/status/1369916500014821377 afd-bdmil.cdn-pak.net fmprc.cdn-pak.net ibn.cdn-pak.net mofa.cdn-pak.net oimc.cdn-pak.net pakbj.cdn-pak.net poly.cdn-pak.net trgdte.cdn-pak.net # Reference: https://www.virustotal.com/gui/domain/www-cdn.net/relations www-cdn.net # Reference: https://twitter.com/ShadowChasing1/status/1384743822953877505 afohs.mod-pak.co fbr.mod-pak.co shaheenfoundation.mod-pak.co mod-pak.co # Reference: https://twitter.com/BaoshengbinCumt/status/1384792855692988416 # Reference: https://www.virustotal.com/gui/ip-address/185.163.45.56/relations # Reference: https://www.virustotal.com/gui/file/37a3855e05c63fdab773fdd39da021f2daf1961cc8137385db079960bdfa18c7/detection edu-mil.cn iugur.live bmac.iugur.live mofa.iugur.live # Reference: https://twitter.com/BaoshengbinCumt/status/1387233200871673856 # Reference: https://mp.weixin.qq.com/s/GWVz02_jGaUt_n9JxB1OwQ autodiscover.mofagov-pk.online cpanel.mofagov-pk.online cpcalendars.mofagov-pk.online cpcontacts.mofagov-pk.online dgmi-share-folder-nepalarmy-mil-np-coas-sambodhan-pdf.netlify.app email-nepalarmy-mil-np-owa.netlify.app imail.aop.gov.af.egateway.nsc-gov.com mail-nepalarmy-mil-np-fsdafjsd.herokuapp.com mail-nepalarmy-mil-np-login-download.netlify.app mail-nepalarmy-mil-np-view.netlify.app mail-nepalpolice-gov-np-loginn.herokuapp.com mail-nscaf.hopto.org mail-ntmail-ntcnetnp.serveftp.comcnetnp.serveftp.com mail.mofagov-pk.online medeclinic.ae mil-pk.net mod-cn.trans-del.net mofagov-pk.naatlibrary.com mofagov-pk.online naatlibrary.com nepalarmy.trans-del.net nsc-gov.com nsc-gov.net polyinc-global.trans-del.net trans-del.net webdisk.mofagov-pk.online webmail.mofagov-pk.online www-punjabpolice-gov-pk-sopforsecurityofforeignersandchinese.trans-aws.net # Reference: https://twitter.com/ShadowChasing1/status/1391976060472860675 paf-gov.com img-google.paf-gov.com # Reference: https://twitter.com/ShadowChasing1/status/1396809305194590211 # Reference: https://www.virustotal.com/gui/file/caaf44f16dcbee93071887ab6844ed79975ccd20f9008deb93c13bfdb436e0b0/detection bahariafoundation.org pmaesa.bahariafoundation.org # Reference: https://twitter.com/ShadowChasing1/status/1397135889327804417 comsates.org crisismanagementunit.comsates.org mofa-gov-pk-wireless.comsates.org # Reference: https://twitter.com/ShadowChasing1/status/1398171992554053632 # Reference: https://www.virustotal.com/gui/file/ff54e9228b7160f9272d67ad1423600d2cb7aa4d335412a28b11f63a517270fe/detection cdn-gov.net # Reference: https://twitter.com/Des00464472/status/1399969790471507968 paknavy-gov-cvic.fbise.org # Reference: https://twitter.com/BaoshengbinCumt/status/1403292104671916032 cdn-in.net punjabpolice.gov.pk.standingoperatingprocedureforemergencythreat.cdn-in.net # Reference: https://twitter.com/ShadowChasing1/status/1412695070659153925 # Reference: https://twitter.com/0xrb/status/1412727167151005703 pakmarines.com as.pakmarines.com dsadsa.pakmarines.com gov.pakmarines.com jmicc-gov-pk.pakmarines.com pmaesa.pakmarines.com pnwc-gov-pk.pakmarines.com pqa.gov.pakmarines.com # Reference: https://twitter.com/ShadowChasing1/status/1420762840479109122 # Reference: https://twitter.com/ShadowChasing1/status/1420762846980308999 # Reference: https://www.virustotal.com/gui/file/468351924d611359fb181855331da98359bb1b926b5ce3ee8cd3330986d6e12c/detection # Reference: https://www.virustotal.com/gui/file/84d5a31227eaa3be1134bb6f5a2f92c2621e738ee0c0c4f84758ae8d79d09526/detection pak-web.com fbr.pak-web.com # Reference: https://twitter.com/malwrhunterteam/status/1109085127290900480 nitb.pk-gov.org # Reference: https://mp.weixin.qq.com/s/dMFyLxsErYUZX7BQyBL9YQ (Chinese) # Note: APT-C-48 http://213.227.154.175 http://78.142.29.118 141.136.0.91:443 213.227.154.175:443 91.193.18.248:443 cert.pk-gov.org dns1.pk-gov.org nccs.pk-gov.org ntc-pk.sytes.net quwa-paf.servehttp.com /F453457Pl_TMP347923592380/ /pl200_TMP2831474WDF.php # Reference: https://twitter.com/ShadowChasing1/status/1466001768765018116 # Reference: https://www.virustotal.com/gui/file/38853bf262979313483310502d14a78db147586880d34571edf4d90e4bf05eb1 mofa.live aitkenspencelogistics.mofa.live careitservices.mofa.live dsfvgbh.mofa.live paknavy.mofa.live # Reference: https://twitter.com/ShadowChasing1/status/1466686780531363840 # Reference: https://www.virustotal.com/gui/file/92dbd7f4399bce8b75e2c248af855df498bbed7e342c2d98ff6fcf15b611c50e webarchive-datacenter.herokuapp.com # Reference: https://blog.malwarebytes.com/threat-intelligence/2021/12/sidecopy-apt-connecting-lures-to-victims-payloads-to-infrastructure/ afghannewsnetwork.com afrepublic.xyz amsss.in appsstore.in eurekawatersolution.com maajankidevisevasansthan.org newsroom247.xyz republicofaf.xyz scouttable.xyz securecheker.in securedesk.one scout.fontsplugins.com # Reference: https://twitter.com/souiten/status/1467674804211777536 # Reference: https://twitter.com/souiten/status/1467689489145339915 # Reference: https://twitter.com/souiten/status/1467693133001486337 # Reference: https://www.virustotal.com/gui/file/04206a2217be8d09e6dc6989d2a2b9aae8623f8fac962e5e07d9fa1a1577998b/detection 173.212.242.43:57149 paryavaranindia.com/css/files/docs/Updated-Leave-Rules-Fourth-Edition/css paryavaranindia.com/css/files/hulfz/ # Reference: https://twitter.com/h2jazi/status/1469399194435735553 # Reference: https://twitter.com/h2jazi/status/1469399196369313792 # Reference: https://www.virustotal.com/gui/file/2cf842ec2bac099d200c079375a4be7a4d0b3b5869dd739582b7df168e6c4fb6 # Reference: https://www.virustotal.com/gui/file/a7b52acc18ce7fd14b4a410019a1f0042a6743dcbe887e82d498130848ce195c/detection # Reference: https://www.virustotal.com/gui/file/c02108f0b413ecdcb8fe48ff445cb75d45324bfd06734011409de57c7cfdeb73/detection # Reference: https://www.virustotal.com/gui/file/4219de40e65c89ecba9bd392f744fa26b867cad82d1b994e1e9266482089d8f9/detection # Reference: https://www.virustotal.com/gui/file/16467586cb1a11ce2e1ca81ae6fb490fbc8f5602245f883c14e940189dfd2b79/detection http://62.171.172.199 62.171.172.199:443 62.171.172.199:81 # Reference: https://twitter.com/GGGGh0st/status/1471323446713864193 # Reference: https://www.virustotal.com/gui/file/1bf584616477e16b54d6be7ce4d69f7ea26ee7841ec9a17ed162f4d560ab125a/detection 62.171.187.53:43 62.171.187.53:44 62.171.187.53:45 # Reference: https://twitter.com/ShadowChasing1/status/1474901903418949636 # Reference: https://twitter.com/ShadowChasing1/status/1474901905474129922 # Reference: https://www.virustotal.com/gui/file/d3a0b7c5a1eafbf7d381b6ee064083496476163da5dfed53096fac36c2b30738/detection bahariafoundation.live compress.bahariafoundation.live invitation.bahariafoundation.live mohgovsg.bahariafoundation.live pnwc.bahariafoundation.live # Reference: https://twitter.com/ShadowChasing1/status/1435546349856907268 # Reference: https://www.virustotal.com/gui/file/da08044373bc9bd54fd2ead9705446917e8f6e53d32f0885854e720e601cdbef/detection asw-sns.link edu-cx.org afd.edu-cx.org f.edu-cx.org fsfdsf.edu-cx.org go.edu-cx.org mofagovpk.edu-cx.org paknavy.edu-cx.org rkvisa200de.edu-cx.org rrkvisa200de.edu-cx.org yahoo.edu-cx.org # Reference: https://twitter.com/ShadowChasing1/status/1433038639961804800 # Reference: https://www.virustotal.com/gui/file/8a1c9a28ba0c74bafd71705aa12128831d66bbae06536a81d680cd207e740a65/detection ppra.live nima.ppra.live # Reference: https://twitter.com/ShadowChasing1/status/1427258373532119044 # Reference: https://www.virustotal.com/gui/file/66ddbdfe9328d6a3f49abbb814252617fce0e05934ceeef9813e8bd30385fe50/detection ppinewsagency.live behr.ppinewsagency.live # Reference: https://twitter.com/h2jazi/status/1478496217789341698 # Reference: https://www.virustotal.com/gui/file/df0b09c9f359f2e086e5e6b78f6fc6f63c9be1c6023cc6ee1e698d6e0daba31b/detection teckblog.live ms.teckblog.live # Reference: https://twitter.com/s1ckb017/status/1478750005594927109 # Reference: https://twitter.com/s1ckb017/status/1478750907827429380 # Reference: https://twitter.com/500mk500/status/1478758092611407876 # Reference: https://www.virustotal.com/gui/ip-address/164.68.108.153/relations # Reference: https://www.virustotal.com/gui/file/88a174855020c69d7719779a09c9b1058ec6732aa0fb04343c1d82fe13ca2e6e/detection # Reference: https://www.virustotal.com/gui/file/f4777f8751ed6818a693817513a5685f13a249803658d1f12190d7b1aa26079e/detection # Reference: https://www.virustotal.com/gui/file/9abd42a9f2cc147db47d4bb9598870eab96a2094964e97a6cb231f58d4d4ada2/detection # Reference: https://www.virustotal.com/gui/file/c401fc82d3ffdf118aac1bc247838fcd554b7faa3fd10aaa00ed83d80d00b87b/detection 164.68.108.153:4142 164.68.108.153:5000 164.68.108.153:8062 digitalworldonline.net # Reference: https://twitter.com/uslss_etr/status/1478784684452720646 # Reference: https://www.virustotal.com/gui/domain/paknvay-pk.net/relations # Reference: https://www.virustotal.com/gui/ip-address/94.158.245.67/relations # Reference: https://www.virustotal.com/gui/file/146e2c51cd7c904e0eeb641daa6ee956e80b48b198b9d2a9fd9b92b68399f9d1/detection # Reference: https://www.virustotal.com/gui/file/e74be8bbad2fa8577b7383e6ad4dffd5d0cd44e75c0a7148a971c417d38d8ee7/detection paknvay-pk.net careitservices.paknvay-pk.net dgpr.paknvay-pk.net mofa.paknvay-pk.net # Reference: https://www.virustotal.com/gui/domain/cdn-noc.net/relations cdn-noc.net # Reference: https://twitter.com/souiten/status/1474200802344386560 # Reference: https://www.virustotal.com/gui/file/ed4912f09e212479a319de1e95dd3e7d0e3574658be60782369c0e7a19ae0173/detection 62.171.172.199:88 # Reference: https://twitter.com/h2jazi/status/1479502335328112645 # Reference: https://www.virustotal.com/gui/ip-address/144.126.141.41/relations # Reference: https://www.virustotal.com/gui/file/d15f76acb846b237956a6373bd6646ef804419dd9a9fd3c9501acc241fcddff9/detection # Reference: https://www.virustotal.com/gui/file/947b81c1ecdb34533f7bc9c41d6678fa525c17eae5b8f383e89c6c66db0743c1/detection afcat.xyz # Reference: https://twitter.com/alex_lanstein/status/1479569375971713029 # Reference: https://pastebin.com/9HwieuS2 moma-pk.org dfgrthy.moma-pk.org mofa.moma-pk.org sppc.moma-pk.org # Reference: https://www.virustotal.com/gui/domain/cvix.live/relations cvix.live cn.cvix.live cosmic.cvix.live defencelk.cvix.live mailaplf.cvix.live mailmfagovnp.cvix.live mailmofagoug.cvix.live mailmofagovpk.cvix.live mailoutlookcom.cvix.live mailyahoocom.cvix.live # Reference: https://twitter.com/ShadowChasing1/status/1481583143735808001 # Reference: https://www.virustotal.com/gui/file/cb933361cd6c26ca61c441a40da394a505086f572fd7e9bd425bf086adf50edc/detection ministry-pk.net cabinet-gov-pk.ministry-pk.net # Reference: https://twitter.com/cyber__sloth/status/1485361081329631236 email-gov-in.digital mailnic.info indianarmy.mailnic.info kavach.mailnic.info mod.mailnic.info passapp.mailnic.info # Reference: https://twitter.com/uslss_etr/status/1489274205917044736 # Reference: https://www.virustotal.com/gui/file/85ab1c3ee01c5456eb45bf13c69dda88fa014a1dc5e832bdaa3e801a29d84ccd/detection aeltron.xyz incometaxreturn.aeltron.xyz instructions.aeltron.xyz rgdtyt.aeltron.xyz # Reference: https://twitter.com/ShadowChasing1/status/1490984172797984770 # Reference: https://www.virustotal.com/gui/file/eeeb99f94029fd366dcde7da2a75a849833c5f5932d8f1412a89ca15b9e9ebb7/detection mod-pk.com dgmp-paknavy.mod-pk.com # Reference: http://blog.talosintelligence.com/2022/02/whats-with-shared-vba-code.html # Reference: https://www.virustotal.com/gui/ip-address/45.153.240.66/relations changeworld.hopto.org mail-argaf.myftp.org mail-meagovmv.hopto.org mail-modaf.hopto.org mail-modgav.hopto.org mail-mofa.hopto.org mail-mofagovpk.myftp.org mail-mopitgovnp.hopto.org mail-nepalpolgavnp.hopto.org mail-nepalpolice.hopto.org mail-opmcmgavnp.hopto.org microsoft-winupdate.servehttp.com teamchat.hopto.org webmail-accbt.hopto.org webmail-morrgovaf.hopto.org # Reference: https://twitter.com/souiten/status/1491681294391992325 # Reference: https://www.virustotal.com/gui/file/44c720bc1adde78e11c202615260fb9e2e4301cf06edfefe06cde09a373a6c0e/detection asianetnews.xyz awww.asianetnews.xyz mofa-gov-pk.asianetnews.xyz ofa-gov-pk.asianetnews.xyz # Reference: https://assets.sentinelone.com/sentinellabs-apt/modified-elephant-apt bbcworld-news.net newsinbbc.com # Reference: https://twitter.com/uslss_etr/status/1496118824944697345 # Reference: https://www.virustotal.com/gui/file/94214e83441e3a6a5cde971f6abe0d4bf226fd0750a0ad26d2241c085de9b604/detection crclab-bahria.org dbms.crclab-bahria.org # Reference: https://twitter.com/__0XYC__/status/1502593457201811459 nationalhelpdesk.pk pkgov.org sngpl.org.pk bok.pkgov.org bop.pkgov.org csd.pkgov.org cybernet.pkgov.org dawn.pkgov.org energy.pkgov.org fauji.pkgov.org mail.pkgov.org mofa.pkgov.org myth.pkgov.org nespak.pkgov.org nitb.pkgov.org nlc.pkgov.org np.pkgov.org nrlpak.pkgov.org ns1.pkgov.org ns2.pkgov.org ntc.pkgov.org ntdc.pkgov.org ogdcl.pkgov.org pakoil.pkgov.org parco.pkgov.org pmo.nationalhelpdesk.pk pmsa.pkgov.org ptcl.pkgov.org ptv.pkgov.org radio.pkgov.org sco.pkgov.org ssgc.pkgov.org sui.nationalhelpdesk.pk wapda.pkgov.org web.sngpl.org.pk whale.pkgov.org email.nespak.pkgov.org email.nitb.pkgov.org email.nlc.pkgov.org lotussrv01.fauji.pkgov.org mail-corp.cybernet.pkgov.org mail.bok.pkgov.org mail.bop.pkgov.org mail.csd.pkgov.org mail.dawn.pkgov.org mail.mofa.pkgov.org mail.nrlpak.pkgov.org mail.ntc.pkgov.org mail.ntdc.pkgov.org mail.ogdcl.pkgov.org mail.pakoil.pkgov.org mail.pkgov.org mail.pmsa.pkgov.org mail.ptv.pkgov.org mail.radio.pkgov.org mail.sco.pkgov.org parchqwebmail.parco.pkgov.org webmail.cybernet.pkgov.org webmail.ssgc.pkgov.org webmail.wapda.pkgov.org zmail.ptcl.pkgov.org # Reference: https://twitter.com/ShadowChasing1/status/1504347312838959106 # Reference: https://research.checkpoint.com/2022/state-sponsored-attack-groups-capitalise-on-russia-ukraine-war-for-cyber-espionage/ # Reference: https://www.virustotal.com/gui/domain/kpt-pk.net/relations # Reference: https://otx.alienvault.com/pulse/624c29baad734a210134b02c # Reference: https://www.virustotal.com/gui/file/f765b0b6e4a34eb95c6f0ddf058bc88d5ef9ec2b11a5f3504d1673f4f69aceca/detection kpt-pk.net awww.kpt-pk.net job.kpt-pk.net maritimepakistan.kpt-pk.net # Reference: https://twitter.com/ShadowChasing1/status/1512011407838961664 # Reference: https://www.virustotal.com/gui/file/37baf7415c755688e1e89679130b5cfd713d662330734eb310089d1f2afd82b8/detection ksew.org srilankanavy.ksew.org # Reference: https://twitter.com/ShadowChasing1/status/1518594904393355264 # Reference: https://www.virustotal.com/gui/file/5dfe303f04e3432101b676fa0f230667eb6c9bc1715d5b4042f99d9522aa00fe/detection ksewpk.com defrgthyj.ksewpk.com mofabn.ksewpk.com # Reference: https://twitter.com/botlabsDev/status/1522500574956109825 # Reference: https://www.virustotal.com/gui/file/b3caa7ce9a8de209d5a63ab95485c1181f7fca03346330fe92ff3c0a0a9c1040/detection paknavy.live awww.paknavy.live dxfgbdfh.paknavy.live pmsa.paknavy.live yfghvjb.paknavy.live # Reference: https://twitter.com/blackorbird/status/1526840629010894848 # Reference: https://mp.weixin.qq.com/s/qsGxZIiTsuI7o-_XmiHLHg # Reference: https://otx.alienvault.com/pulse/6285048d921d21c8d9beaf1f # Reference: https://www.virustotal.com/gui/domain/cssc.info/relations cssc.info job.cssc.info mailcantonfair.cssc.info mailcitifs.cssc.info mailgu.cssc.info mailmofa.cssc.info mailturkmenembassy.cssc.info mofa.cssc.info rancher.cssc.info sdgsfg.cssc.info # Reference: https://twitter.com/__0XYC__/status/1528616671103131649 # Reference: https://www.virustotal.com/gui/ip-address/92.118.190.165/relations # Reference: https://www.virustotal.com/gui/file/fedc3b7cdb07f7b6f5a6bc85720528057297282bfae7960b3d33001ab34a51d6/detection govpk-mail.net csd.govpk-mail.net finance.govpk-mail.net # Reference: https://twitter.com/__0XYC__/status/1529707301979947009 # Reference: https://twitter.com/0xrb/status/1529709439808602113 # Reference: https://www.virustotal.com/gui/domain/interior-pk.org/relations # Reference: https://www.virustotal.com/gui/file/6f4e89fce6a490d619cad9078079c6f6694b2798fc875288faa92b721f25d3cb/detection comsats.xyz interior-pk.org awww.interior-pk.org mofa-gov.interior-pk.org punjab.interior-pk.org paknavy.comsats.xyz # Reference: https://twitter.com/virqdroid/status/1532094635170238464 # Reference: https://twitter.com/ReBensk/status/1532245757322924032 # Reference: https://www.virustotal.com/gui/ip-address/2.56.245.21/relations pakgov.net covid.pakgov.net csd.pakgov.net dvdbhjk.pakgov.net finance.pakgov.net financial.pakgov.net flix.pakgov.net hajj.pakgov.net ji.pakgov.net nadra.pakgov.net ncoc.pakgov.net nhsrc.pakgov.net pt.pakgov.net vpn.pakgov.net wsde.pakgov.net ww2.pakgov.net # Reference: https://blog.group-ib.com/sidewinder-antibot # Reference: https://otx.alienvault.com/pulse/62987c8eafd38f2088986035 bahariafoundation.org bbcnew.cn bitlyy.me cdn-pak.net cloud-apt.net cr20g.org csd-pk.co cvix.live dawnpk.org docuserve.ltd edu-cx.org fdn-trace.net fileserve.work gov-mail.net gov.pakmarines govpk-mail.net iugur.live kdf-mail.com kpt-pk.net krlwin.org ksew.org mod-pk.com mohp-gov.org moma-pk.org paf-gov.net pafwa.info pak-gov.com pak-web.com pakgov.net pakgov.org pakmarines.com paknvay-pk.net pkrepublic.org ppinewsagency.live tin-url.com vpn-secure.co api.vpn-secure.co as.pakmarines.com askari.bitlyy.me askaribank.bitlyy.me bangladeshmarineacademylibrary.ppinewsagency.live bb.kdf-mail.com china.bbcnew.cn covid.bbcnew.cn covid.pakgov.net covid.pkrepublic.org covid19.mohp-gov.org csd.bitlyy.me csd.pakgov.net dasds.pak-gov.com dasdsadsa.pak-gov.com dawn.pakgov.org defencelk.cvix.live dgmp-paknavy.mod-pk.com dgpr.paknvay-pk.net dha.pakgov.org dsadsa.pakmarines.com dsasa.cr20g.org faujifoundation.bitlyy.me fbr.pak-web.com fdscv.tin-url.com finance.govpk-mail.net finance.pakgov.net financial.pakgov.net flix.pakgov.net hajj.pakgov.net hajjplanner.bitlyy.me hajjplanner.tin-url.com hbl.pakgov.org hpupdate.csd-pk.co ibn.cdn-pak.net independenceday.pafwa.info islamabadclub.docuserve.ltd islamicfinder.bitlyy.me ji.pakgov.net jp.pkrepublic.org karachishipyard.krlwin.org ltd.cdn-pak.net luckydraw.csd-pk.co mail.paf-gov.net mail.pak-gov.com mailmofagovpk.cdn-pak.net mailoutlookcom.cvix.live maritimepakistan.kpt-pk.net meet.kdf-mail.com min.tin-url.com ministryofinterior.fileserve.work mofa-gov-pk.fdn-trace.net mofa.iugur.live mofa.paknvay-pk.net nadra.pakgov.net ncoc.pakgov.net news.bitlyy.me news.dawnpk.org news.kdf-mail.com news.pakgov.org news.pkrepublic.org nhsrc.pakgov.net niims.pakgov.org paf.gov-mail.net pafroa.pak-gov.com paknavy.edu-cx.org pk.kdf-mail.com pkflix.bitlyy.me pkflix.tin-url.com pmaesa.bahariafoundation.org pqa.gov.pakmarines.com pt.pakgov.net sbp.pakgov.org sec-vpn.bitlyy.me secp.pakgov.org secure.tin-url.com shoprex.bitlyy.me smstest.kdf-mail.com sppc.moma-pk.org srilankanavy.ksew.org t.bitlyy.me telemart.bitlyy.me ubl.pakgov.org vim.kdf-mail.com vpn.pakgov.net vpn.tin-url.com wsde.pakgov.net wsed.pkrepublic.org ww2.pakgov.net xyz.kdf-mail.com # Reference: https://twitter.com/GroupIB_GIB/status/1532651046111023104 # Reference: https://www.virustotal.com/gui/file/e089dc65af44ff334304e52c29755c96460691d93cfd4e4ab75f75bc6078993e/detection # Reference: https://www.virustotal.com/gui/file/42b828e187e4b7f1ca5d774553c8b85c1fed204a2a5a8c50fd4c7e9a491fb118/detection almighty-allah.com supremeallah.world api.almighty-allah.com api.supremeallah.world # Reference: https://twitter.com/GroupIB_GIB/status/1532651049776865280 # Reference: https://www.virustotal.com/gui/domain/srvapp.co/relations # Reference: https://www.virustotal.com/gui/ip-address/185.225.19.142/relations # Reference: https://www.virustotal.com/gui/file/c17cbe229e743df8993b96f2887393b2565ae355f3ba61d09c901e552e7ee4d1/detection srvapp.co awww.srvapp.co discount.srvapp.co localhost.srvapp.co register.srvapp.co # Reference: https://twitter.com/blackorbird/status/1534373342446202881 # Reference: https://mp.weixin.qq.com/s/8j_rHA7gdMxY1_X8alj8Zg (Chinese) # Reference: https://www.virustotal.com/gui/file/d74900bf7418f3ad39a5ab27326ad6591f792d1dfdfe44deb89f1b319b7d83b4/detection afg-refugee.net brwse.co civix.live crclab-bahria.org cssc.info cvix.live dawnpk.org docusserve.cc docusserve.ltd doken.xyz fdn-mac.net filedownload.work gov-pk.net kpt-pk.net ministry-pk.net mod-pk.com mofa-pk.co nationpk.org norter.xyz paf-gov.net paf-mail.com pak-gov.net pakgov.net pakgov.org paknavy.live pkrepublic.org slap-games.club trik.live watch-earn.live api.watch-earn.live # Reference: https://twitter.com/h2jazi/status/1536330475656171520 # Reference: https://www.virustotal.com/gui/file/cf79ecafd3e1ae354fcf9cf33acdb06b6b64dc9a8128656a9d27ff94e154f9c4/detection bahriafoundation.live pnwc.bahriafoundation.live # Reference: https://otx.alienvault.com/pulse/62a864daa688835ed774c449 srvapp.co register.srvapp.co # Reference: https://twitter.com/h2jazi/status/1536707820799807489 # Reference: https://www.virustotal.com/gui/ip-address/5.230.71.95/relations # Reference: https://www.virustotal.com/gui/file/4bad3e34a192a8f305e188538b4370ea835446cc6ba32fe046d9a5f2bc3df172/detection jmicc.xyz navy.jmicc.xyz navy-mil-bd.jmicc.xyz # Reference: https://twitter.com/malwareforme/status/1540037682314629120 # Reference: https://www.virustotal.com/gui/ip-address/5.230.69.153/relations # Reference: https://www.virustotal.com/gui/file/ee77e136f7df758c2ab9092529dc5c6b64b35bc9f4d2c16c65bcd05965ccd92a/detection alit.live bdmil.alit.live mailmofa.alit.live mailh.alit.live # Reference: https://twitter.com/BaoshengbinCumt/status/1545247231938244610 mail-mofa-gov-pk-satellite-proposal-for-pakistan-files-ops.netlify.app # Reference: https://twitter.com/Malwar3Ninja/status/1545376308196147200 mofa-pk.org br.mofa-pk.org mofa.g0v.cq.cn # Reference: https://blog.checkpoint.com/2022/07/13/a-hit-is-made-suspected-india-based-sidewinder-apt-successfully-cyber-attacks-pakistan-military-focused-targets/ # Reference: https://otx.alienvault.com/pulse/62cffda72568807d4e9a9f2e # Reference: https://www.virustotal.com/gui/ip-address/5.230.67.73/relations # Reference: https://www.virustotal.com/gui/file/898513123f0f0342b1c47a4a65c88a60f895f90a9d0fa5fc5928c26dfab622b0/detection bgevin.live eterplicity.live polvcrit.info cdn.bgevin.live cdn.polvcrit.info /W6taHcwqKwhgzWGWr7ElpRAfWA7JcsXC0A2a4eFv/ # Reference: https://twitter.com/h2jazi/status/1549762807624880128 # Reference: https://www.virustotal.com/gui/file/cd1a9ae4a3968643a6fb41b36b67838d952dac83ad63c63ce4ad3c672fac31b8/detection kpt-gov.org discount.kpt-gov.org ksew.kpt-gov.org # Reference: https://twitter.com/h2jazi/status/1550524741202726919 # Reference: https://www.virustotal.com/gui/file/a28a5417d707ecae61313bd5b7c53736d40afba2280cd7ae673963075ae37072/detection paf-gov.org awww.paf-gov.org summer.paf-gov.org finance.paf-gov.org # Reference: https://twitter.com/Des00464472/status/1550064523964338176 # Reference: https://www.virustotal.com/gui/ip-address/5.230.72.15/relations ghaflah.top cdn.ghaflah.top # Reference: https://twitter.com/Des00464472/status/1548924681008590853 mawazna.info # Reference: https://twitter.com/Des00464472/status/1531519247293513728 bluket.live # Reference: https://twitter.com/Des00464472/status/1528935733888970753 # Reference: https://www.virustotal.com/gui/ip-address/185.234.72.188/relations # Reference: https://www.virustotal.com/gui/ip-address/45.138.172.23/relations balcon.live greploc.live cdn.greploc.live tray.balcon.live treaty.balcon.live # Reference: https://twitter.com/Des00464472/status/1555024895020769280 paf-media.com # Reference: https://twitter.com/Des00464472/status/1553931751852244992 # Reference: https://www.virustotal.com/gui/ip-address/192.71.166.139/relations ubrig.live cdn.ubrig.live # Reference: https://twitter.com/Des00464472/status/1559010528013729792 fritor.xyz cdn.fritor.xyz # Reference: https://twitter.com/Des00464472/status/1559395659559899136 # Reference: https://www.virustotal.com/gui/ip-address/151.236.21.26/relations nelpec.top cdn.nelpec.top # Reference: https://twitter.com/uslss_etr/status/1562641328055336960 # Reference: https://www.virustotal.com/gui/ip-address/103.149.46.237/relations # Reference: https://www.virustotal.com/gui/file/efac11fcecbceb4e6273852207a3875ac1edd69158415c3a0bba704e58adeb2c/detection office-drive.live dsfbgnh.office-drive.live sl-navy.office-drive.live # Reference: https://twitter.com/Des00464472/status/1567657961887252480 # Reference: https://www.virustotal.com/gui/ip-address/5.255.104.124/relations cssc.live mailarmy.cssc.live mailoutlook.cssc.live # Reference: https://twitter.com/Des00464472/status/1569818563657224193 gov-pknet.org # Reference: https://twitter.com/malwrhunterteam/status/1570061932706635781 # Reference: https://twitter.com/h2jazi/status/1570070185620512768 # Reference: https://www.virustotal.com/gui/file/719cbc3e08d90d557d464f1a27498626c1b76d6e8db302cb53cb3013a1c35dee/detection d2klia4zfdp2mg.cloudfront.net # Reference: https://twitter.com/uslss_etr/status/1570487402694590464 # Reference: https://www.virustotal.com/gui/file/53cc8f46f10e4b3958834d75b15db3aa0d8c86a63b8bd3e6ac180c05ce27d748/detection ptcl-gov.com mofadividion.ptcl-gov.com # Reference: https://twitter.com/Des00464472/status/1571639928483885056 hare-ap.live # Reference: https://twitter.com/RedDrip7/status/1575745702021705728 # Reference: https://www.virustotal.com/gui/file/e6a6066594160a053fe7d68d688b95920936d5880a37a2c91872fb2fc128adf6/detection # Reference: https://www.virustotal.com/gui/file/5eec9df0c62b8a0d8c922d366e38ac91907d2a7f5cd13a717d7714015ae362c1/detection # Reference: https://www.virustotal.com/gui/file/37eca58386fbf9c1e381f88776435565623e3d2d1e2b01218f7717b963449735/detection comsats-net.com lforvk.com moma.comsats-net.com promotionlist.comsats-net.com srilanka-navy.lforvk.com # Reference: https://twitter.com/bofheaded/status/1577197626852003840 # Reference: https://www.virustotal.com/gui/ip-address/173.249.18.251/relations # Reference: https://www.virustotal.com/gui/file/e5ca4a6c4d2dbd0343cf59d7eb7fb034f45b86c13c8d80b92f289b464828d3bf/detection # Reference: https://www.virustotal.com/gui/file/7034fd95d764429b5b4b84fc7e63fa259879c10a7c0786fa47e86f911970614e/detection http://173.249.18.251 drivebrox.xyz # Reference: https://twitter.com/__0XYC__/status/1580083623717658624 # Reference: https://twitter.com/__0XYC__/status/1580796395052670976 # Reference: https://www.virustotal.com/gui/file/cd592c969a3a940e43888a1902ec9e4605ed28676d3945ab84d72175fbc87253/detection # Reference: https://www.virustotal.com/gui/file/bbcca0dc10b700c01e557612f009c050ca618f227e0b8be3d4f471dd9d887a18/detection comsats-mail.pk ntc-gov.com paf-pk-gov.org finance.gov.pk.ntc-gov.com # Reference: https://twitter.com/Des00464472/status/1582922779707703297 bentec.tech front.bentec.tech # Reference: https://twitter.com/t3ft3lb/status/1582838910857932802 # Reference: https://www.virustotal.com/gui/file/808058f4e1c47b91cacfc032f348a617961a463d19ee5389f472d29c65197438/detection tsinghua.institute awww.tsinghua.institute fdgnyt.tsinghua.institute mail.tsinghua.institute # Reference: https://twitter.com/ShadowChasing1/status/1583063616667799552 # Reference: https://www.virustotal.com/gui/file/b27968c0d0f55a06cbf424cacf62d0b22e64f021c72d51d4adb0c1771709fe70/detection gov-net.co finance.gov-net.co # Reference: https://www.zscaler.com/blogs/security-research/warhawk-new-backdoor-arsenal-sidewinder-apt-group-0 (# WarHawk) # Reference: https://www.virustotal.com/gui/ip-address/3.239.29.103/relations # Reference: https://www.virustotal.com/gui/file/58b3686e4255d32dbcf7dee9dac1d5be6d4692d086cde167da1e1a5e0e1b315a/detection # Reference: https://www.virustotal.com/gui/file/624c6b56ee3865f4a5792ad1946a8e86b876440a5af3bac22ac1dee92f1b7372/detection # Reference: https://www.virustotal.com/gui/file/7d3574c62df44b74337fc74ec7877792b4ffa1486a49bb19668433c3ca8836b5/detection # Reference: https://www.virustotal.com/gui/file/f97d5d3e1c2ceb3e9d23ae5b5d4e7c9857155df5acf7f67fee995cb041c797dc/detection http://146.190.235.137 74.125.196.113:53 customs-lk.org fia-gov.org nadra-pk.org 1c1157fa.caa.update.customs-lk.org 1d06bfb2.check.update.fia-gov.org 1d06bfb2.local.update.fia-gov.org 1d06bfb2.scan.update.fia-gov.org 64115cb6.check.update.fia-gov.org 753fa5b2.check.update.fia-gov.org a.bc.1d06bfb2.check.update.fia-gov.org a.bc.1d06bfb2.local.update.fia-gov.org a.bc.1d06bfb2.scan.update.fia-gov.org a.bc.64115cb6.check.update.fia-gov.org bc.1d06bfb2.local.update.fia-gov.org bc.1d06bfb2.scan.update.fia-gov.org bc.753fa5b2.check.update.fia-gov.org caa.update.customs-lk.org check.update.fia-gov.org generic.update.fia-gov.org lms.update.fia-gov.org local.update.fia-gov.org microsoft.update.fia-gov.org nadra.update.customs-lk.org scan.update.fia-gov.org update.customs-lk.org update.fia-gov.org nepra.org.pk/css/32-Advisory-No-32.iso /wh/glass.php # Reference: https://twitter.com/Des00464472/status/1585171289261891585 plokin.top count.plokin.top # Reference: https://twitter.com/Timele9527/status/1585824832842653696 # Reference: https://twitter.com/Timele9527/status/1585824983598538752 alit.info civix.site direct88.org fenctor.top file-server.co gov-netpk.net hblbank.co marksafe.org net-pk.org outlookk.co paf-govt.com paf-govt.org pak-navy.co paknavy.net paknavygov.org playstore.cloud reas.tech supportgovpk.co tinlly.co tinly.org vopler.tech # Reference: https://twitter.com/Des00464472/status/1586959212596563968 tonse.info rock.tonse.info # Reference: https://twitter.com/jaydinbas/status/1591096310870179840 # Reference: https://www.virustotal.com/gui/ip-address/5.230.74.58/relations # Reference: https://www.virustotal.com/gui/file/ee2018f7b42ed56fb8b272c9662bf9ddd01f6058abd756019a857a33e54d8faf/detection mofagov.com mailnepalarmy.mofagov.com # Reference: https://twitter.com/Des00464472/status/1592039315823276032 play-store.co google.play-store.co hostmaster.play-store.co # Reference: https://twitter.com/Des00464472/status/1592393354138259457 # Reference: https://www.virustotal.com/gui/ip-address/192.36.41.43/relations fbr.net-pk.org # Reference: https://twitter.com/Des00464472/status/1597099850075901957 # Reference: https://www.virustotal.com/gui/ip-address/158.255.211.188/relations # Reference: https://www.virustotal.com/gui/file/023a9b64f4a97bebca72cbfa58553cf7ab3f6b80beba908447a441ef4870f284/detection mofs-gov.org mailpakbj.mofs-gov.org mailv.mofs-gov.org # Reference: https://twitter.com/Des00464472/status/1597474158367379456 graty.tech guide.graty.tech # Reference: https://twitter.com/RedDrip7/status/1598252489866121216 # Reference: https://www.virustotal.com/gui/ip-address/5.230.73.106/relations # Reference: https://www.virustotal.com/gui/file/cd09bf437f46210521ad5c21891414f236e29aa6869906820c7c9dc2b565d8be/detection bol-north.com abc.bol-north.com cdsve.bol-north.com dgdfvdf.bol-north.com dger.bol-north.com dvdf.bol-north.com fyujv.bol-north.com pnwc.bol-north.com pnwc.bol-north.com # Reference: https://twitter.com/Des00464472/status/1599652629403299840 appsrv.live # Reference: https://twitter.com/malwareforme/status/1600150609616949248 # Reference: https://www.virustotal.com/gui/file/bc9d4eb09711f92e4e260efcf7e48906dca6bf239841e976972fd74dac412e2f/detection downld.net paknavy-gov-pk.downld.net # Reference: https://twitter.com/t3ft3lb/status/1605501885531553797 # Reference: https://www.virustotal.com/gui/file/46cc2e14b7daeadc9f7e5be5cb2004f1370620c93ac97a31cd9a7d329211fd9e/detection paf-govt.net csd.paf-govt.net # Reference: https://twitter.com/fr0s7_/status/1605917826711048193 # Reference: https://www.virustotal.com/gui/file/a2faee1e5fe8717d6360458f1fd6d83902a2c9c6bb2e84f9ea5e4b67ffafbebd/detection foodies.alit.info mail.alit.info maildefence.alit.info mailmofa.alit.info # Reference: https://twitter.com/Des00464472/status/1621434286816759808 # Reference: https://www.virustotal.com/gui/ip-address/5.255.105.243/relations pmdu-gov.org dsfgb.pmdu-gov.org elchxdnj.pmdu-gov.org ghj.pmdu-gov.org qhacgeao.pmdu-gov.org # Reference: https://twitter.com/GroupIB_TI/status/1625762101758140416 http://160.20.147.84 http://185.163.47.226 http://185.243.112.186 http://185.248.101.231 http://185.248.102.15 http://194.32.76.244 http://45.153.240.66 http://45.92.156.114 http://46.30.188.222 http://5.2.79.135 http://83.171.236.49 akamai.servehttp.com bankofceylon.sytes.net expolanka.serveftp.com gavaf.org gavnp.org lankabelltd.myftp.org mail-mohs.ddns.net mail.gavaf.org mail.nepal.gavnp.org nepal.gavnp.org nic-share.myftp.org nucleusvision.co outlook.gavaf.org sltelecom.servehttp.com sltmobitel.hopto.org srilankanairlines.redirectme.net webmail.gavaf.org windowupdate.myftp.org /@/@/h31l0 # Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1626044765874814977 # Reference: https://www.virustotal.com/gui/ip-address/62.113.255.80/relations # Reference: https://www.virustotal.com/gui/file/0ad752520774efca09add91df67ec72d2b1a8b503975569b077e43f40fc7a599/detection mod-gov.org gysdj.mod-gov.org iididbiy.mod-gov.org service.mod-gov.org slpa.mod-gov.org # Reference: https://twitter.com/ThreatBookLabs/status/1628764544331059201 sinacn.co # Reference: https://twitter.com/jaydinbas/status/1629149185806069761 # Reference: https://www.virustotal.com/gui/file/f81d1c47a666d4ec32e69b3e1312dda62c932298e32cc42d5c0c6543589d96be/detection # Reference: https://www.virustotal.com/gui/file/3ed1dc92e8399f062e5e62e5483a87736e51ad4ce651f0628abf98d5e10aee27/detection kcps.edu.in/css/fonts/files/jquery/ kcps.edu.in/css/fonts/files/ntsfonts/ kcps.edu.in/css/fonts/files/docs/graentsodocumentso/ganeshostwoso/ /graentsodocumentso/ganeshostwoso/ /graentsodocumentso/ /ganeshostwoso/ # Reference: https://twitter.com/StopMalvertisin/status/1630934296113577984 # Reference: https://www.virustotal.com/gui/file/cdcc1e6e62df117cc40103c3b2821c10fd5f0372cf06e238663e634a05741764/detection hpuniversity.in # Reference: https://twitter.com/suyog41/status/1633822870601363457 # Reference: https://twitter.com/bofheaded/status/1634309581705715712 # Reference: https://twitter.com/fmc_nan/status/1634096201577660416 # Reference: https://www.virustotal.com/gui/file/9aed0c5a047959ef38ec0555ccb647688c67557a6f8f60f691ab0ec096833cce/detection 144.91.72.17:8080 cornerstonebeverly.org/js/files/DRDO-K4-Missile-Clean-room cornerstonebeverly.org/js/files/docufentososo/doecumentosoneso/pantomime.hta cornerstonebeverly.org/js/files/ntfonts/ cornerstonebeverly.org/js/files/ntfonts/avena # Reference: https://twitter.com/StopMalvertisin/status/1634084568608264192 # Reference: https://www.virustotal.com/gui/ip-address/79.141.174.208/relations # Reference: https://www.virustotal.com/gui/file/a45258389a3c0d4615f3414472c390a0aabe77315663398ebdea270b59b82a5c/detection bol-south.org mtss.bol-south.org # Reference: https://twitter.com/StopMalvertisin/status/1634084573620604934 # Reference: https://www.virustotal.com/gui/ip-address/5.255.106.249/relations # Reference: https://www.virustotal.com/gui/file/8af93bed967925b3e5a70d0ad90eae1f13bc6e362ae3dac705e984f8697aaaad/detection dowmload.net cstc-spares-vip-163.dowmload.net # Reference: https://twitter.com/bofheaded/status/1634290081627271168 connectiiest.com goinfinity.tech # Reference: https://twitter.com/StopMalvertisin/status/1638194026162827265 # Reference: https://www.virustotal.com/gui/file/7dcf935a24039dff2d084f41ab8ca318b28c53c01f9de069f087b3be15457ba9/detection defpak.org paknavy.defpak.org # Reference: https://twitter.com/ThreatBookLabs/status/1644346009198395392 awrah.live blesico.site # Reference: https://twitter.com/ThreatBookLabs/status/1645269421873840129 mod-gov.com # Reference: https://twitter.com/__0XYC__/status/1648577567840952321 # Reference: https://www.virustotal.com/gui/ip-address/2.58.14.249/relations fia-gov.com cabinet-division-pk.fia-gov.com dad.fia-gov.com desk.fia-gov.com foooders.fia-gov.com ghckjxvo.fia-gov.com m.fia-gov.com plbulcbo.fia-gov.com test.fia-gov.com tmlbxveb.fia-gov.com wndro.fia-gov.com # Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1648890379943706625 halterarks.co.uk # Reference: https://twitter.com/jaydinbas/status/1653361390491430915 # Reference: https://www.virustotal.com/gui/ip-address/39.104.50.12/relations # Reference: https://www.virustotal.com/gui/file/88c10674bb6a53791bfe08497948699bf57ea9980a878a3a5fc1afb160d1d234/detection alibababackupcloud.com portal.alibababackupcloud.com secure.alibababackupcloud.com vpn.alibababackupcloud.com # Reference: https://twitter.com/500mk500/status/1653860821020049410 # Reference: https://www.virustotal.com/gui/file/d236df798c56b2a32ff744f16d93c6a0412b4caaf2ea35b171a3953b19609074/detection nadra-gov-pk.com # Reference: https://twitter.com/ThreatBookLabs/status/1655769610116038657 # Reference: https://threatbook.io/domain/ntc-pk.org ntc-pk.org # Reference: https://twitter.com/ThreatBookLabs/status/1656499255056687104 # Reference: https://www.virustotal.com/gui/ip-address/5.230.72.98/relations aliit.org cxvdfg.aliit.org # Reference: https://twitter.com/t3ft3lb/status/1656554005491859456 # Reference: https://www.virustotal.com/gui/ip-address/5.230.73.198/relations # Reference: https://www.virustotal.com/gui/file/a703c6772e8bcf7cd0aef05ecbee4c7f7f39371d45b42bf1030df2be5261717c/detection dytt88.org mail-dmp-navy-pk.dytt88.org ministryofforeignaffairs-mofa-gov-pk.dytt88.org # Reference: https://blogs.blackberry.com/en/2023/05/sidewinder-uses-server-side-polymorphism-to-target-pakistan govpk.net paknavy-gov.com dgms.paknavy-gov.com forecast.comsats-net.com mailnavybd.govpk.net mailnavymilbd.govpk.net paknavy-gov-pkp.downld.net paknavy.jmicc.xyz paknavy.paknavy.live # Reference: https://twitter.com/ThreatBookLabs/status/1657207787397718018 daraz-pk.com # Reference: https://twitter.com/ThreatBookLabs/status/1657941419401805824 ntc-pk.com # Reference: https://twitter.com/ThreatBookLabs/status/1658323281420881926 govpk.org # Reference: https://www.bridewell.com/insights/news/detail/the-distinctive-rattle-of-apt-sidewinder aa173.bank-ok.com active.roteh.site aeryple.xyz agarg.tech ailyun.live amuck.scoler.tech article-viewer.com assbutt.xyz ausib-edu.org avail.freay.tech axis.heplor.biz bank-ok.com basic.gruh.site basis.agarg.tech blesis.live bless.agarg.tech bluedoor.click brac.tech brave.agarg.tech breat.info cater.sphery.live cdn.torsey.xyz ceiling.kalpo.xyz cert.repta.live climb.kalpo.xyz cluster.jotse.info confluence.assbutt.xyz countpro.info cpec.site csdstore.app cssc-net.co cvix.cc dirctt88.org directt88.org dolper.top dr-doom.xyz dsmes.xyz e-tohfa.net elopter.top enclose.info endure.sphery.live estate.ovil.tech fdrek.live file-download.co focus.mectel.tech focus.semain.tech found.neger.site found.troks.site freay.tech freedom.olerpic.info ftp.true-islam.org fujit.info gearfill.biz geoloc.top georgion.info gitlab.enclose.info glorec.tech gretic.info groove.olipy.info gruve.site hakimiya.live handle.proey.tech helpdesk-gov.info heplor.biz hertic.tech hldren.info hostmaster.enclose.info hread.live hyat.tech inkly.net insert.roteh.site islamic-path.com jester.hyat.tech jotse.info kalpo.xyz kito.countpro.info krontec.info leron.info leyra.tech lines.aeryple.xyz livo.silvon.site lucas.hertic.tech mat.trelin.tech mectel.tech mfagov.org moon.tfrend.org mopiler.top msoft-updt.net neger.site nelcec.info normal.aeryple.xyz offshore.leron.info olerpic.info olipy.info oprad.top opt.freay.tech ortra.tech ovil.tech paf-govt.info pak-gov.info pak-govt.net pak-news.info pastlet.live plors.tech portal.breat.info preag.info preat.fujit.info preat.info privacy.olerpic.info private.hldren.info proey.tech prol.info ptcl-gov.org rack.nelcec.info reay.tech repta.live reth.cvix.cc reveal.troks.site ridlay.live roof.wsink.live rugby.wsink.live sbp-pk.org sdfsdg.enclose.info semain.tech service.true-islam.org shortney.org shrtny.co shrtny.live silk.freat.site silvon.site sindhpolice-govpk.org sk.krontec.info spec.trelin.tech sphery.live split.tyoin.biz square.oprad.top srv-app.co storeapp.site straight.hldren.info support-twitter.com tab.gruve.site telemart-pk.com tfrend.org tiinly.co tinurl.click torsey.xyz treat.fraty.info trelin.tech troks.site true-islam.org tyoin.biz utilize.elopter.top verocal.info view.proey.tech vtray.tech wsink.live yrak.info zed.shrtny.live zolosy.top zone.vtray.tech zretw.xyz # Reference: https://twitter.com/ThreatBookLabs/status/1658669939010715653 # Reference: https://www.virustotal.com/gui/ip-address/192.36.27.97/relations efrgfh.pak-ntc.org emv1.pak-ntc.org service.pak-ntc.org # Reference: https://twitter.com/ThreatBookLabs/status/1659021576841601026 # Reference: https://www.virustotal.com/gui/ip-address/5.255.99.99/relations ntc-net.co emv1.ntc-net.co service.ntc-net.co # Reference: https://twitter.com/ThreatBookLabs/status/1660854037149884417 # Reference: https://www.virustotal.com/gui/ip-address/5.230.78.184/relations mofss.co drtgfhj.mofss.co emv1.mofss.co service.mofss.co # Reference: https://twitter.com/__0XYC__/status/1664581189766610944 # Reference: https://twitter.com/uslss_etr/status/1664705054069215252 # Reference: https://www.virustotal.com/gui/ip-address/8.208.90.73/relations # Reference: virustotal.com/gui/file/e7d2d26cc056b607b7af96cc08d66a168555afc38cf29b37729f4b90141fa5db/detection http://149.129.237.253 cons-mofagovpk.servehttp.com ebill-ptclnetpk.servehttp.com flysmart-piaccompk.servehttp.com mail-armybd.servehttp.com mailtest-mofa.servehttp.com nlc-govpk.servehttp.com offers-ptclnetpk.servehttp.com online-csdgovpk.servehttp.com rewards-ptclnetpk.servehttp.com # Reference: https://www.virustotal.com/gui/ip-address/146.70.161.36/relations pkgov-mail.com emv1.pkgov-mail.com service.pkgov-mail.com # Reference: https://twitter.com/ThreatBookLabs/status/1663729069811458048 # Reference: https://www.virustotal.com/gui/ip-address/5.230.78.76/relations ruve.live cgate.ruve.live volt.ruve.live # Reference: https://twitter.com/ThreatBookLabs/status/1663400816907272192 # Reference: https://www.virustotal.com/gui/ip-address/5.255.124.203/relations pargue.tech # Reference: https://twitter.com/ThreatBookLabs/status/1661558607857717248 data-protect.tech # Reference: https://twitter.com/StopMalvertisin/status/1668668882108940288 # Reference: https://www.virustotal.com/gui/ip-address/13.213.47.21/relations # Reference: https://www.virustotal.com/gui/file/8a431314696e82f994dd7fd32e6151232a9bbdc948c64cc6ee8a6e3dc67bb4f6/detection csd-govpk.servehttp.com finance-govpk.servehttp.com ntc-govpk.serveftp.com ntc-govpk.servehttp.com vpn-ptclnetpk.servehttp.com # Reference: https://twitter.com/TLP_R3D/status/1672174181935464448 pk-co.info # Reference: https://www.group-ib.com/blog/hunting-sidewinder/ bol-south.com ptcl-govp.org ishd.directt88.org microsoft-365.directt88.org punjabpolice-gov-pk.fia-gov.com # Reference: https://twitter.com/ThreatBookLabs/status/1675852641874632705 fssp.tech # Reference: https://twitter.com/TLP_R3D/status/1676537779574931457 # Reference: https://www.virustotal.com/gui/ip-address/98.142.254.52/relations mofagov.live # Reference: https://twitter.com/t3ft3lb/status/1676511378117648386 # Reference: https://www.virustotal.com/gui/file/4e86f36820d5e96739fa6ed192d410eeca975c3a2ec48e13eb98d3486c9262b0/detection mailsiis.alit.info # Reference: https://twitter.com/TLP_R3D/status/1676680838774136832 # Reference: https://www.virustotal.com/gui/ip-address/193.42.39.133/relations ptcl-gov.info # Reference: https://twitter.com/__0XYC__/status/1676905915885187073 # Reference: https://www.virustotal.com/gui/file/3ef7b9a872dc1247edb0f3947d0db681ff14be81cb46be22ce4f896f2d2dc7f0/detection pakistanarmy.xyz # Reference: https://twitter.com/ThreatBookLabs/status/1678384704679182336 # Reference: https://www.virustotal.com/gui/ip-address/5.230.74.80/relations mofa-gov.info # Reference: https://twitter.com/ThreatBookLabs/status/1678934448186728448 cylit.info # Reference: https://twitter.com/ThreatBookLabs/status/1679132754842390529 nbcot.info # Reference: https://twitter.com/ThreatBookLabs/status/1680766347255611394 mofagov.info # Reference: https://twitter.com/ThreatBookLabs/status/1680943216114253825 tref.tech # Reference: https://twitter.com/ThreatBookLabs/status/1681132716534923267 # Reference: https://www.virustotal.com/gui/ip-address/85.113.70.48/relations mod-pkgov.org mailafdbd.mod-pkgov.org # Reference: https://twitter.com/Axel_F5/status/1681354510642429982 # Reference: https://www.virustotal.com/gui/file/61a839aaba4807e492922a3ba0000b98568669626638acf5e5ed0b597fdd5e40/detection libreofficeupdates.com # Reference: https://twitter.com/Axel_F5/status/1669794530592170001 # Reference: https://www.virustotal.com/gui/file/b41d54a9686b312f9e114f62e6bf11e21c8e97dda477d488ca19e2afa45efc9e/detection plainboardssixty.com # Reference: https://twitter.com/Axel_F5/status/1597978238542057473 # Reference: https://www.virustotal.com/gui/file/f946663a780806693ea3fb034215bd6da25971eb07d28fe9c209594c90ec3225/detection sinacn.co mailtsinghua.sinacn.co mailstinghua.sinacn.co # Reference: https://mp.weixin.qq.com/s/ewGyvlmWUD45XTVsoxeVpg # Reference: https://otx.alienvault.com/pulse/64a445050a5e0f1018b5bf6d cloudplatfromservice.one gclouddrives.com # Reference: https://twitter.com/ThreatBookLabs/status/1696504153500213519 defpak.net # Reference: https://twitter.com/ThreatBookLabs/status/1697240572417974285 gyre.site # Reference: https://twitter.com/ThreatBookLabs/status/1698883638937657412 slic.live # Reference: https://twitter.com/suyog41/status/1706194781112537213 # Reference: https://twitter.com/TLP_R3D/status/1706262046587682998 # Reference: https://www.virustotal.com/gui/ip-address/185.117.90.59/relations # Reference: https://www.virustotal.com/gui/file/6e89d7eedc4088f1bcdf45171c41deb6c778e14141802c153496550f09b85fb7/detection mofa-gov.org pakarmy-govpk.net emv1.mofa-gov.org mailciieorg.mofa-gov.org maile.mofa-gov.org mailmofa.mofa-gov.org mailyafd.mofa-gov.org # Reference: https://twitter.com/suyog41/status/1708827613727531181 # Reference: https://www.virustotal.com/gui/ip-address/193.142.58.149/relations # Reference: https://www.virustotal.com/gui/file/e36e8244c06d88a5650783bfb3e0e85acd76b803a33018d48391f1ebcc849622/detection govpk.info cpanel.govpk.info dev.govpk.info endofmission.govpk.info intdtebangladesh.govpk.info invitation-letter.govpk.info mail.govpk.info mofa.govpk.info note1582023.govpk.info webdisk.govpk.info webmail.govpk.info ww1.govpk.info ww25.govpk.info ww38.govpk.info wwww.govpk.info wwww.invitation-letter.govpk.info # Reference: https://twitter.com/TLP_R3D/status/1708843583778763109 # Reference: https://www.virustotal.com/gui/ip-address/193.42.36.66/relations pak-army.com # Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1713750113167053187 # Reference: https://www.virustotal.com/gui/ip-address/8.222.250.160/relations # Reference: https://www.virustotal.com/gui/file/d28ee2ab42b30c24b2569d9042f182e0a64e8dba2653500046153256e4620505/detection cloud-ptclnetpk.servehttp.com # Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1697074761380278599 # Reference: https://www.virustotal.com/gui/ip-address/147.139.212.200/relations # Reference: https://www.virustotal.com/gui/file/78cea4a9ee2cce19f961c2ddd4972ec479c196c8e9f9763a95561e0f18776883/detection complaints-ntcgovpk.viewdns.net mail-mofagovpk.servehalflife.com mail-mofagovpk.serveirc.com mail-mofagovpk.viewdns.net mail-pmogovpk.servehttp.com ntdc-govpk.viewdns.net sharepakistanmofa.servehttp.com vibe-ptclnetpk.servehalflife.com # Reference: https://twitter.com/RedDrip7/status/1719897373185560890 # Reference: https://www.netskope.com/blog/a-look-at-the-nim-based-campaign-using-microsoft-word-docs-to-impersonate-the-nepali-government # Reference: https://www.virustotal.com/gui/ip-address/213.109.192.93/relations # Reference: https://www.virustotal.com/gui/ip-address/5.181.20.102/relations # Reference: https://app.validin.com/axon?find=213.109.192.93&type=ip # Reference: https://www.virustotal.com/gui/file/fd7a25223ffd731ad4f4a4083ef4a776e4c6f5b0a068b213859f780f1c44cd82/detection # Reference: https://www.virustotal.com/gui/file/d7f8173c108696584f9c1e36d72a3bb0785609d8951acab355a2e112a64497a4/detection http://213.109.192.93 dns-mofgovbt.ddns.net dof-govmm.sytes.net edms-vpn.ddns.net mail-dor.hopto.org mail-mofgovbt.hopto.org microsoftupdte.redirectme.net mpt-ap.servehttp.com myanmar-apn.serveftp.com telenor-mm.redirectme.net updatemanager.ddns.net windows-update.hopto.org /update/R0FNd0lCb0RGbU1VTUdwcQ==.php /update/R1JNU1p4a1RGbU1VTUdwcQ==.php /R0FNd0lCb0RGbU1VTUdwcQ==.php /R1JNU1p4a1RGbU1VTUdwcQ==.php # Reference: https://mp.weixin.qq.com/s/iWx2tGCLOR0JtDBnC3FOwQ (Chinese) asean-ajp.myftp.org cloud.nitc.gavnp.org dns.nepal.gavnp.org drsasa.hopto.org mail-mohs.servehttp.com mx1.nepal.gavnp.org mx2.nepal.gavnp.org mytel-mm.servehttp.com nitc.gavnp.org pdf-shanstate.redirectme.net pdf-shanstate.serveftp.com # Reference: https://twitter.com/TLP_R3D/status/1722667675468312942 # Reference: https://www.virustotal.com/gui/ip-address/212.83.46.137/relations mfa-gov.net mailmofagovmm.mfa-gov.net webmail.mfa-gov.net # Reference: https://twitter.com/ginkgo_g/status/1727155248081555886 # Reference: https://www.virustotal.com/gui/file/b5c001cbcd72b919e9b05e3281cc4e4914fee0748b3d81954772975630233a6e/detection # Reference: https://www.virustotal.com/gui/file/b60f71bfbdf86b8959cebc7585ec5a39e6cdd1c8efc80aa2bb8b051df4b8889b/detection # Reference: https://www.virustotal.com/gui/file/9a3481ad198c0ed8e0e9945a35387631784125d42a2132b8428e7bf041c1d397/detection # Reference: https://www.virustotal.com/gui/file/1246356d78d47ce73e22cc253c47f739c4f766ff1e7b473d5e658ba1f0fdd662/detection # Reference: https://www.virustotal.com/gui/file/696f57d0987b2edefcadecd0eca524cca3be9ce64a54994be13eab7bc71b1a83/detection govnp.org dns.govnp.org mofa.govnp.org nepal.govnp.org nitc.govnp.org mail.mofa.govnp.org mx1.nepal.govnp.org /mail/AFA/RWlVOGJCSUxEaVljT0dKaQ==.aspx /AFA/RWlVOGJCSUxEaVljT0dKaQ==.aspx /RWlVOGJCSUxEaVljT0dKaQ==.aspx # Reference: https://twitter.com/alex_lanstein/status/1727280460022300924 # Reference: https://twitter.com/BaoshengbinCumt/status/1727517020269527069 # Reference: https://twitter.com/k3yp0d/status/1727613488967614761 # Reference: https://twitter.com/k3yp0d/status/1727612826661896390 # Reference: https://www.virustotal.com/gui/ip-address/47.251.51.195/relations # Reference: https://www.virustotal.com/gui/ip-address/47.252.52.225/relations # Reference: https://www.virustotal.com/gui/ip-address/8.222.250.160/relations # Reference: https://www.virustotal.com/gui/file/d28ee2ab42b30c24b2569d9042f182e0a64e8dba2653500046153256e4620505/detection # Reference: https://www.virustotal.com/gui/file/47144b2a4fa036692dccc81f0414c5d7898da001075c3e3c9995665cf5603791/detection http://8.222.250.160 8.222.250.160:443 pakmail.cloud senate-pak.site yes2khalistan.online awards-piaccompk.serveftp.com cloud-ptclnetpk.servehttp.com fbr-taxupdates.serveblog.net /uPSnswhC # Reference: https://twitter.com/k3yp0d/status/1727695607203078193 # Reference: https://app.validin.com/axon?find=47.74.90.0&type=ip # Reference: https://app.validin.com/axon?find=47.74.90.10&type=ip alfalahtransct-bank.servehttp.com cloud-ntdc.servehttp.com e-servicesptclnetpk.servehttp.com e-supportntc.servehttp.com financeptcl-govpk.servehttp.com flysmart-piac.servehttp.com ogdclcloud-mysharep.servehalflife.com services-ptclnetpk.servehttp.com wetransfer.servehttp.com # Reference: https://twitter.com/Glacius_/status/1727968223088214182 # Reference: https://www.virustotal.com/gui/ip-address/5.230.54.3/relations # Reference: https://www.virustotal.com/gui/file/170ccf1225154fa0cd92a14219f0b912479cc4095203646c38a31bb78baafe9f/detection mofa-gov-pk.donwloaded.com police-gov-bd.donwloaded.com # Reference: https://twitter.com/Glacius_/status/1736687727721013448 # Reference: https://www.virustotal.com/gui/file/0e51c4f52b63e7ce231959168dbc4270b4fa451c58e3bd2081441e7d83915361/detection mailmfa.mofa-gov.info # Reference: https://twitter.com/Cuser07/status/1738790090326061060 # Reference: https://twitter.com/Joseliyo_Jstnk/status/1740672426906927562 # Reference: https://www.virustotal.com/gui/ip-address/77.83.196.59/relations # Reference: https://www.virustotal.com/gui/file/1a88ef58675971eb18eeb267b1be90594cd6c7ebddf1c67d66729fa3e68de323/detection # Reference: https://www.virustotal.com/gui/file/a11fab6de2c5111833e9e4a6f69ce5dded17085a3d8ae21c7fcfa00d7e113c9b/detection # Reference: https://www.virustotal.com/gui/file/b565bd60e9182746de76feeebe7f85902e22ee3a22d5d55a278be7340923806e/detection fia-gov.net apps.fia-gov.net cirt-gov-mm.fia-gov.net mofa-gov-bd.fia-gov.net mofa-gov-np.fia-gov.net moitt-gov-pk.fia-gov.net myanmar-gov-mm.fia-gov.net myoffice.fia-gov.net nepalcert-org.fia-gov.net opmcm-gov-np.fia-gov.net police-circular-gov-bd.fia-gov.net police-gov-bd.fia-gov.net # Reference: https://twitter.com/Joseliyo_Jstnk/status/1743190819245326808 # Reference: https://www.virustotal.com/gui/ip-address/5.180.114.198/relations # Reference: https://www.virustotal.com/gui/file/15ce7d3c879975ca81777cf58f47409283e34ec1fe8e966fde608bc7eda16646/detection # Reference: https://www.virustotal.com/gui/file/9d02bf092fdcf44a51ae6e264ec3e3e57afbe79622c92a797e33fb62ed495cda/detection # Reference: https://www.virustotal.com/gui/file/931aee9ba0e51804cb354a3a41830721e41a0fab6758aa19a43eaf1abe621b4d/detection # Reference: https://www.virustotal.com/gui/file/613068422c214b944c7b2e3fb60412ed99d35c9e18d53d45b16965c5a36f734a/detection direct888.net mofa-gov-np.direct888.net mofa-gov-sa.direct888.net mopf-gov-mm.direct888.net navy-lk.direct888.net www-moha-gov-lk.direct888.net www-police-gov-bd.direct888.net wwww.direct888.net wwww.mofa-gov-sa.direct888.net # Reference: https://twitter.com/Joseliyo_Jstnk/status/1743223664391160170 # Reference: https://www.virustotal.com/gui/ip-address/69.61.36.170/relations gov-org.net lk.gov-org.net mm.gov-org.net mv.gov-org.net np.gov-org.net gov.lk.gov-org.net gov.mm.gov-org.net gov.mv.gov-org.net gov.np.gov-org.net defence.lk.gov-org.net immigration.gov.mv.gov-org.net mfa.gov.lk.gov-org.net mod.gov.np.gov-org.net mofa.gov.np.gov-org.net moha.gov.np.gov-org.net mohs.gov.mm.gov-org.net navy.lk.gov-org.net po.gov.mv.gov-org.net presidentoffice.lk.gov-org.net # Reference: https://twitter.com/Cuser07/status/1743214744910401794 # Reference: https://www.virustotal.com/gui/ip-address/2.58.15.71/relations # Reference: https://www.virustotal.com/gui/file/89d4d85592bf0b5e8b55c2d62c9050bfa8c3017f9f497134dbacbb2a0f13a09e/detection donwloaded.net president-gov-lk.donwloaded.net # Reference: https://medium.com/@fofabot/practical-fofa-asset-expansion-sidewinder-apt-389714a70061 academy.lesporc.live agency.lesporc.live api.argus.trondheim.bama.zoopit.no cdn.awrah.live cdn.cpec.site cdn.dolper.top cdn.dr-doom.xyz cdn.gearfill.biz cdn.geoloc.top cdn.hread.live cdn.plors.tech cdn.preag.info cdn.preat.info cdn.prol.info cdn.verocal.info civil.leyra.tech csla.blesis.live density.meplor.xyz deputy.meplor.xyz direct888.org employ.fdrek.live energy.fdrek.live lax036.relay.arandomserver.com lesporc.live lnkly.net meplor.xyz mu-api.anyremote.cn mxhichina.info nextgen.fia-gov.net ns.seiffenn.nohost.me resolve.preat.info seiffenn.nohost.me tercom.site test.api.68wx.com test.api.g.luohu8.com test.api.hzy.68wx.com test.es.68wx.com toss.tercom.site trust-crypto.net wide.storeapp.site wind.ridlay.live xmpp-upload.seiffenn.nohost.me # Reference: https://twitter.com/nahamike01/status/1747167370190458924 ntc-telecomcorporation.workers.dev elccorp-net.ntc-telecomcorporation.workers.dev mail-depo-gov-pk.ntc-telecomcorporation.workers.dev mail-dgdp-gov-pk.ntc-telecomcorporation.workers.dev mail-ecp-gov-pk.ntc-telecomcorporation.workers.dev mail-gwadarport-gov-pk.ntc-telecomcorporation.workers.dev mail-hit-gov-pk.ntc-telecomcorporation.workers.dev mail-modp-gov-pk.ntc-telecomcorporation.workers.dev mail-paf-gov-pk.ntc-telecomcorporation.workers.dev mail-punjab-gov-pk.ntc-telecomcorporation.workers.dev mail-sco-gov-pk.ntc-telecomcorporation.workers.dev news.ntc-telecomcorporation.workers.dev # Reference: https://www.virustotal.com/gui/ip-address/172.67.192.82/relations gwadarportt.workers.dev gwadarport-gov-pk.gwadarportt.workers.dev mail-invest-gov-pk.gwadarportt.workers.dev mail-nespak-com-pk.gwadarportt.workers.dev webmail-gda-gov-pk.gwadarportt.workers.dev worker-orange-unit-abfb.gwadarportt.workers.dev # Reference: https://www.virustotal.com/gui/ip-address/172.67.137.37/relations # Reference: https://www.virustotal.com/gui/ip-address/172.67.184.202/relations # Reference: https://www.virustotal.com/gui/ip-address/172.67.215.149/relations government-pak.workers.dev pak-gov-pk.workers.dev pakistan-gov-pk.workers.dev cpanel-nha-gov-pk.pakistan-gov-pk.workers.dev mail-asian-parliament-org.pakistan-gov-pk.workers.dev mail-depo-gov-pk.government-pak.workers.dev mail-hit-gov-pk.government-pak.workers.dev mail-hitgovpk.government-pak.workers.dev mail-kpt-gov-pk.pak-gov-pk.workers.dev mail-mod-gov-pk.pakistan-gov-pk.workers.dev mail-modp-gov-pk.government-pak.workers.dev mail-modp-gov-pk.pak-gov-pk.workers.dev mail-mofa-gov-pk.pakistan-gov-pk.workers.dev mail-nba-gov-pk.pakistan-gov-pk.workers.dev mail-pof-gov-pk.government-pak.workers.dev mail-ppra-org-pk.pakistan-gov-pk.workers.dev mail-sco-gov-pk.government-pak.workers.dev nha-gov-pk.pakistan-gov-pk.workers.dev webmail-wapda-gov-pk.pakistan-gov-pk.workers.dev worker-plain-wind-01a9.pakistan-gov-pk.workers.dev # Reference: https://www.virustotal.com/gui/ip-address/104.21.29.219/relations kr-i-sas-orv-e-l-a.workers.dev mail-gwadarport-gov-pk.kr-i-sas-orv-e-l-a.workers.dev # Reference: https://app.validin.com/axon?find=*.govpk.live&type=dom govpk.live cpanel.govpk.live cpcalendars.govpk.live cpcontacts.govpk.live dirbspta.govpk.live ecp.govpk.live mail.govpk.live mora.govpk.live ptcl.govpk.live webdisk.govpk.live webmail.govpk.live verification.ptcl.govpk.live # Reference: https://twitter.com/__0XYC__/status/1752238025269272906 # Reference: https://twitter.com/Cuser07/status/1752266296463667343 # Reference: https://www.virustotal.com/gui/file/4438df17d22e4df1b430788da31ae0c0f4826b0c9896d1fb7d225cff586f11ad/detection download-services.online pdf-download.live royalmigration.buzz services-download.top win-service-update.top backup.download-services.online blue.win-service-update.top file.services-download.top files.pdf-download.live newfile.pdf-download.live uk.royalmigration.buzz # Reference: https://twitter.com/Joseliyo_Jstnk/status/1753385273587626057 # Reference: https://www.virustotal.com/gui/ip-address/81.171.7.136/relations # Reference: https://www.virustotal.com/gui/ip-address/81.171.7.139/relations # Reference: https://www.virustotal.com/gui/file/ae9ba351fdeb8f06173770682d0df4caef31774b3e0c8e25e2c998cd96e70fa8/detection nr3c-govpk.com api.nr3c-govpk.com mailx.nr3c-govpk.com o.nr3c-govpk.com r.nr3c-govpk.com # Reference: https://www.virustotal.com/gui/ip-address/47.90.210.26/relations mail-mofagovpk.servehttp.com ntc-govpk.servehalflife.com taxsys-fbrgovpk.servehttp.com vpn-ptclnetpk.servehalflife.com vpn-ptclnetpk.viewdns.net # Reference: https://www.virustotal.com/gui/ip-address/51.195.146.204/relations fbrgov-pk.ddns.net fbrgov.ddns.net # Reference: https://www.virustotal.com/gui/ip-address/65.108.198.252/relations mofagovpk.cheematrd.com # Reference: https://www.virustotal.com/gui/domain/gov-pk.online/relations gov-pk.online mail-ead.gov-pk.online mail-mowr.gov-pk.online mail-ntc.gov-pk.online mail-pc.gov-pk.online mail-sco.gov-pk.online mofa.gov-pk.online ntc.gov-pk.online ntcmail.gov-pk.online paec.gov-pk.online pc.gov-pk.online pnra.gov-pk.online pta.gov-pk.online sco.gov-pk.online suparco.gov-pk.online tdap.gov-pk.online # Reference: https://www.virustotal.com/gui/ip-address/181.41.35.224/relations diagov.ddns.net govaruba.duckdns.org # Reference: https://www.virustotal.com/gui/ip-address/47.236.243.41/relations # Reference: https://www.virustotal.com/gui/ip-address/47.74.85.109/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.221.234/relations advisory-cabinetgpk.servehttp.com cap-mofagovpk.servehttp.com circular-financegov.servehalflife.com eservice-ptclnetpk.servehttp.com finance-govpk.serveblog.net hrmis-financegovpk.serveftp.com mail-depogovpk.servehttp.com mail-modgovpk.servehttp.com mail-mofagovpk.ddns.net mail-mofagovpk.gotdns.ch mail-mofagovpk.myddns.me nanfung.servehttp.com newmail-armymilbd.servehttp.com offers-ptclnetpk.serveblog.net ogdcl.servehttp.com piac-compk.servehttp.com portal-ptclnetpk.servehttp.com # Reference: https://www.virustotal.com/gui/ip-address/47.236.248.66/relations # Reference: https://www.virustotal.com/gui/ip-address/47.88.26.202/relations # Reference: https://www.virustotal.com/gui/ip-address/8.211.192.22/relations # Reference: https://www.virustotal.com/gui/ip-address/8.222.232.191/relations awards-piacaero.servehalflife.com awards-piacaero.servehttp.com discounts-ptclnetpk.servehttp.com mail-bafmilbd.servequake.com mail-dgdpgovpk.servehalflife.com mail-mofapk.servehttp.com mail-pofgovpk.3utilities.com mail-pofgovpk.sytes.net mail-scogovpk.servehalflife.com mailhitgovpk.servehalflife.com news-ptvcompk.servehttp.com offer-ptclnetpk.servehttp.com offers-ptclnetpk.serveftp.com offers-ptclnetpk.serveirc.com rewards-ptclnetpk.viewdns.net sharepakistan-mofa.viewdns.net support-ntc.servehttp.com # Reference: https://www.virustotal.com/gui/ip-address/8.208.92.59/relations cap-mofagovpk.servehttp.com cap-mofapk.servehttp.com finance-govpk.serveftp.com financegovpk.servehttp.com navy-govbd.servehttp.com sdmx-financegovpk.servehttp.com vibe-ptclnetpk.servehttp.com # Reference: https://www.virustotal.com/gui/ip-address/147.139.140.175/relations vibe-ptclnetpk.viewdns.net # Reference: https://www.virustotal.com/gui/ip-address/147.139.145.19/relations finance-govnp.servehalflife.com mail-ntcgovpk.servehttp.com mail-scogovpk.servehttp.com mof-govnp.servehttp.com # Reference: https://www.virustotal.com/gui/ip-address/172.67.133.19/relations ethanhunthero125.workers.dev mail-pc-gov-pk-login.ethanhunthero125.workers.dev # Reference: https://www.virustotal.com/gui/ip-address/172.67.194.69/relations crypton0019.workers.dev ethanhunthero125.workers.dev mail-pc-gov-pk-login.ethanhunthero125.workers.dev mail-sco-gov-pk.crypton0019.workers.dev worker-crimson-bread-052d.crypton0019.workers.dev # Reference: https://www.virustotal.com/gui/ip-address/47.236.119.146/relations 203-124351878443.hopto.org mail-bafmilbd.myvnc.com mail-depogovpk.myvnc.com mailhit-govpk.hopto.org mailpsab-modgovpk.hopto.org mailsco-govpk.hopto.org webmail-pacorgpk.myvnc.com # Reference: https://www.virustotal.com/gui/ip-address/8.208.11.212/relations mail-hitgovpk.servegame.com mailsco-govpk.myvnc.com # Reference: https://www.virustotal.com/gui/ip-address/47.250.57.207/relations ideas2024-pakistan.myvnc.com ideaspakistan-govpk.myvnc.com iportal-ntdcgovpk.myvnc.com mail-armylk.myvnc.com mail-armylk.servehalflife.com mail-hitgovpk.myvnc.com mail-hitgovpk.servehttp.com meter-ntdccompk.myvnc.com meter-ntdccompk.servehttp.com pertest-ntdccompk.ddnsking.com # Reference: https://www.virustotal.com/gui/domain/g0v-pk.net/relations g0v-pk.net pujfjue003hmdhfh99ppjdflsdqwlkls.g0v-pk.net mail.dgdp.gov.pk.pujfjue003hmdhfh99ppjdflsdqwlkls.g0v-pk.net mail.paf.gov.pk.pujfjue003hmdhfh99ppjdflsdqwlkls.g0v-pk.net mail.sco.gov.pk.pujfjue003hmdhfh99ppjdflsdqwlkls.g0v-pk.net # Reference: https://www.virustotal.com/gui/ip-address/185.166.188.146/relations mof-govn.online # Reference: https://twitter.com/malwrhunterteam/status/1762199010062766152 # Reference: https://www.virustotal.com/gui/ip-address/91.193.18.108/relations # Reference: https://www.virustotal.com/gui/file/13dafd14c85aee3ed60ec25284ba39d6ecdd7ddf4b484d2048efc05960da51e2/detection 126-com.live mailarmylk.126-com.live spark.126-com.live # Reference: https://twitter.com/h2jazi/status/1762874221493879011 # Reference: https://www.virustotal.com/gui/file/df2be2327ed0062cba45a3f85378d0d386500ffcae20ed155ca106854d706325/detection # Reference: https://www.virustotal.com/gui/file/525b00fc379589a73ebd6471e440220c886b969332360e17fb44d5175b3d945e/detection newmofa.com mailmofa.newmofa.com # Reference: https://www.virustotal.com/gui/ip-address/82.180.175.87/relations govnp.live mailmofa.govnp.live mofa.govnp.live opmcm.govnp.live # Reference: https://www.virustotal.com/gui/ip-address/172.67.135.224/relations govtpak.workers.dev mail-depo-gov-pk.govtpak.workers.dev mail-hitgovpk.govtpak.workers.dev # Reference: https://twitter.com/Joseliyo_Jstnk/status/1765304025358954689 # Reference: https://www.virustotal.com/gui/file/4d8ef13543182fdc5cd5bb270878bcac80b77ac7c3e566c0934450e35141ece0/detection finance-gov-pk.rf.gd # Reference: https://twitter.com/Joseliyo_Jstnk/status/1765727342263988567 # Reference: https://www.virustotal.com/gui/file/acbfbf6fd00fa347a52657e5ca0f5cc6cbcf197a04e2d3fd5dc9235926b319d7/detection mofa.email mailmofagovmm.mofa.email # Reference: https://twitter.com/RedDrip7/status/1765935716964675683 # Reference: https://www.virustotal.com/gui/file/ae22f9da201032d007a0b3f54c3a53ea7a41292bba6e9855d48dd21b55c048ae/detection pmd-office.com moemaldives.pmd-office.com # Reference: https://twitter.com/ginkgo_g/status/1768477798191263970 # Reference: https://twitter.com/suyog41/status/1773224136095023435 # Reference: https://www.virustotal.com/gui/file/31b558d79c20b2d18f404096532156e2a25dff5626589a0b27404f359dc9e8db/detection # Reference: https://www.virustotal.com/gui/file/0b917833380d87990413d318ecd7ed08710d07aedc1d39b749256530c32f2ca9/detection 163inc.org mailafdgovbd.163inc.org mailcn.163inc.org # Reference: https://twitter.com/Cyberteam008/status/1773587888279630292 # Reference: https://www.virustotal.com/gui/ip-address/103.151.111.61/relations # Reference: https://www.virustotal.com/gui/ip-address/142.202.191.187/relations # Reference: https://www.virustotal.com/gui/ip-address/91.92.252.90/relations # Reference: https://www.virustotal.com/gui/ip-address/94.156.65.165/relations punjabgov.org surveyofpakistan.org submitsurvey.info mail.punjabgov.org # Reference: https://twitter.com/alex_lanstein/status/1773817732426863037 # Reference: https://www.virustotal.com/gui/file/7dca552bc38f54716c80eb2c4f1f35cf6e5b12a78a5cec8bf335453c1b433cfd/detection paknavy-govpk.info moitt.paknavy-govpk.info # Reference: https://www.virustotal.com/gui/ip-address/198.54.116.197/relations mail-np.net paknavy-gov-pk.mail-np.net # Reference: https://www.virustotal.com/gui/ip-address/109.106.251.65/relations paknavy-govpk.org # Reference: https://www.virustotal.com/gui/ip-address/79.141.165.199/relations paknavy-govpk.net # Reference: https://www.virustotal.com/gui/ip-address/84.32.84.32/relations paknavy.tech # Reference: https://www.virustotal.com/gui/ip-address/46.17.175.230/relations paknavy.cloud paknavy.online # Reference: https://www.virustotal.com/gui/domain/mofagovpk.info/relations mofagovpk.info # Reference: https://twitter.com/ginkgo_g/status/1774639942628761827 # Reference: https://www.virustotal.com/gui/file/0fa00d4f4f8e8449883aef7f0459a0fb754d57d55af2b41f5e445f867000fa70/detection # Reference: https://www.virustotal.com/gui/file/85d5c21050bd72c4ee02060d0be234ac35babc785567dca5bfc1d299150576b7/detection cabint-division-pk.fia-gov.com police.fia-gov.com vpn.fia-gov.com ctd2.police.fia-gov.com sindh.police.fia-gov.com # Reference: https://twitter.com/Cyberteam008/status/1774703213390057829 64.46.102.122:8443 64.46.102.26:443 64.46.102.63:8443 # Reference: https://www.virustotal.com/gui/ip-address/185.174.135.4/relations ptcl-gov.net # Reference: https://www.virustotal.com/gui/ip-address/172.67.143.200/relations mil-bd.workers.dev mailbaf.mil-bd.workers.dev mail-sco-gov-pk.mil-bd.workers.dev # Reference: https://www.virustotal.com/gui/ip-address/185.27.134.221/relations mai1-sco-gov-pk-sdf.rf.gd # Reference: https://www.virustotal.com/gui/ip-address/93.183.74.8/relations moe-gov-ae.info mofa-gov-ae.info mofagov-sa.info mail.moe-gov-ae.info mail.mofa-gov-ae.info mail.mofagov-sa.info # Reference: https://twitter.com/alex_lanstein/status/1775623052941799483 # Reference: https://blog.strikeready.com/blog/rattling-the-cage-of-a-sidewinder/ afmat.tech aliyumm.tech almightyallah.live ausibedu.org boket.tech btud.live comptes.tech dafpak.org defenec.net detru.info directt888.com download-file.net dynat.tech gebre.tech mfa-govt.net mfacom.org moittpk.org msacn.ntcpk.net newoutlook.live ntcpk.info ntcpk.net numpy.info paknavy-gov.org pnscpk.com sezti.org tni-mil.com tni-mil.org tnial-mil.net commerce-gov-in.iima.remotexs.in commerce-gov-pk.directt888.com mailrta.mfagov.org mofa-gov-pk.directt888.com sarabanmithnavy.tni-mil.com training.detru.info # Reference: https://www.virustotal.com/gui/ip-address/91.195.240.12/relations mfa-gov.cc # Reference: https://www.virustotal.com/gui/ip-address/134.209.86.200/relations mofagov.online ai.mofagov.online server.mofagov.online # Reference: https://www.virustotal.com/gui/ip-address/185.151.30.193/relations mofa-gov-pk.co # Reference: https://www.virustotal.com/gui/ip-address/172.66.47.59/relations mofa-gov-pk.pages.dev # Reference: https://www.virustotal.com/gui/ip-address/185.27.134.33/relations mofa-gov-pk.rf.gd # Reference: https://www.virustotal.com/gui/ip-address/185.82.22.193/relations mofa-gov-qa.gq mail.mofa-gov-qa.gq webmail.mofa-gov-qa.gq # Reference: https://www.virustotal.com/gui/ip-address/128.199.145.180/relations mofa-gov-qa.ml mail.mofa-gov-qa.ml # Reference: https://www.virustotal.com/gui/ip-address/208.109.19.101/relations mofagovpk.com # Reference: https://www.virustotal.com/gui/ip-address/47.74.10.112/relations modp-pk.org 1.modp-pk.org gov.pk.1.modp-pk.org gov.pk.modp-pk.org mail.mofa.gov.pk.modp-pk.org mofa.gov.pk.1.modp-pk.org mofa.gov.pk.modp-pk.org pk.1.modp-pk.org pk.modp-pk.org # Reference: https://www.virustotal.com/gui/ip-address/3.33.130.190/relations pk-hqr-online.co gov.pk-hqr-online.co mofa.gov.pk-hqr-online.co # Reference: https://www.virustotal.com/gui/ip-address/185.245.180.3/relations govt-org.net bd.govt-org.net lk.govt-org.net gov.bd.govt-org.net gov.lk.govt-org.net mod.gov.bd.govt-org.net mofa.gov.lk.govt-org.net # Reference: https://www.virustotal.com/gui/ip-address/77.95.113.16/relations qrrl.net pk-hq.qrrl.net gov.pk-hq.qrrl.net mofa.gov.pk-hq.qrrl.net cons.mofa.gov.pk-hq.qrrl.net # Reference: https://www.virustotal.com/gui/ip-address/185.245.180.44/relations gov-co.org bd.gov-co.org com.gov-co.org lk.gov-co.org mv.gov-co.org np.gov-co.org org.gov-co.org defence.lk.gov-co.org e-mopf.gov.mm.gov-co.org finance.gov.mv.gov-co.org for.gov-co.org foreign.gov.mv.gov-co.org gov.bd.gov-co.org gov.mm.gov-co.org gov.np.gov-co.org health.gov.lk.gov-co.org health.gov.mv.gov-co.org immigration.gov.np.gov-co.org mfa.gov.lk.gov-co.org mil.np.gov-co.org mod.gov.np.gov-co.org mofa.bd.gov-co.org mofa.gov.bd.gov-co.org mofa.gov.np.gov-co.org myanmar.gov-co.org navy.lk.gov-co.org nepal.gov.np.gov-co.org nhsrc.pk.gov-co.org nugmyanmar.org.gov-co.org plandiv.gov.bd.gov-co.org po.gov.mv.gov-co.org presidentoffice.lk.gov-co.org pubsec.gov.lk.gov-co.org punjab-ministry-pk.com.gov-co.org # Reference: https://www.virustotal.com/gui/ip-address/109.70.148.47/relations 2let.org pk.2let.org gov.pk.2let.org mofa.gov.pk.2let.org cons.mofa.gov.pk.2let.org # Reference: https://www.virustotal.com/gui/ip-address/185.27.134.151/relations mofa-gov-msg-view.rf.gd # Reference: https://www.virustotal.com/gui/ip-address/185.27.134.55/relations mofa-gov-bd-mailll.rf.gd mofa-gov-pk-download.rf.gd # Reference: https://www.virustotal.com/gui/ip-address/185.27.134.222/relations mofa-gov-mail-view-pk.rf.gd # Reference: https://www.virustotal.com/gui/ip-address/185.212.70.84/relations timeoflahore.com mofa-gov-pk-foreignministry-documents.timeoflahore.com # Reference: https://www.virustotal.com/gui/ip-address/84.32.84.32/relations govt-org.com lk.govt-org.com gov.lk.govt-org.com mfa.gov.lk.govt-org.com # Reference: https://www.virustotal.com/gui/ip-address/104.219.248.111/relations emaiil.co pk.emaiil.co gov.pk.emaiil.co mod.gov.pk.emaiil.co # Reference: https://www.virustotal.com/gui/ip-address/185.82.22.193/relations srvssl.cf mofa-gov-qa.srvssl.cf # Reference: https://www.virustotal.com/gui/ip-address/8.218.5.63/relations investgov.info pakchinavest.info com.pakchinavest.info gwadarport.ddns.net gwadarport.gov.jzbnco.com gwadarport.gov.pk.migkua.com gwadarport.gov.packetfilters.org gwadarport.gov.pk.rankglobe.com mail.investgov.info pakchinainvest.com.pakchinavest.info webmail.pakchinainvest.com.pakchinavest.info # Reference: https://twitter.com/doc_guard/status/1785422860741202184 # Reference: https://www.virustotal.com/gui/file/8a6e381ab6f1d2ab74e3ee232680d5991c9f751241a6a0c3f0d9082d2cf61a05/detection # Reference: https://app.docguard.io/23f3a046884bf94ec706f98000a9efbda48455b4dd86f0665409937b1fb811cb/112148fa-67fb-4646-8dcd-9007ddf87e00/0/results/dashboard mofa-services-server.top docs.mofa-services-server.top # Reference: https://twitter.com/alex_lanstein/status/1788200111966658963 # Reference: https://pastebin.com/5tvyLKZM govt-pk.com amigos.govt-pk.com bd.govt-pk.com dfd-punjab.govt-pk.com dfd.punjab.govt-pk.com gov.pk.govt-pk.com ics.govt-pk.com ics1.govt-pk.com investinnepal.gov.np.govt-pk.com lgcd.punjab.gov.pk.govt-pk.com medicalbillers.govt-pk.com mindef.gov.pk.govt-pk.com mod.gov.bd.govt-pk.com mod.gov.np.govt-pk.com mofa.gov.bd.govt-pk.com mofa.gov.np.govt-pk.com np.govt-pk.com oidc.idp.elogin.att.govt-pk.com prisons.punjab.govt-pk.com pubad.gov.lk.govt-pk.com sparrso.gov.bd.govt-pk.com # Reference: https://twitter.com/alex_lanstein/status/1788203426020499698 # Reference: https://www.virustotal.com/gui/file/006e5fe0c01712391c54319a9d1579d7208f3cfa9f49fe56a14d93f0d0e8928b/detection dowmload.org efes-mindef-gov-pk.dowmload.org # Reference: https://twitter.com/ValidinLLC/status/1788210860017553882 govt-net.com bd.govt-net.com com.govt-net.com fia-govt-net.com.govt-net.com fia.govt-net.com gov.bd.govt-net.com gov.lk.govt-net.com gov.np.govt-net.com lk.govt-net.com mfa.gov.lk.govt-net.com mofa.gov.bd.govt-net.com mofa.gov.lk.govt-net.com mofa.gov.np.govt-net.com np.govt-net.com ptdi.govt-net.com # Reference: https://twitter.com/mal_analysis136/status/1788219355446075756 # Reference: https://www.virustotal.com/gui/ip-address/84.32.84.33/relations mofa-govtpk.com mail.mofa-govtpk.com # Reference: https://twitter.com/Cyberteam008/status/1788436206528680124 # Reference: https://pastebin.com/vPLMDA1U 193.200.16.230:443 5.230.40.141:443 5.230.42.202:443 5.230.43.203:443 5.230.52.133:443 5.230.54.162:443 5.230.54.63:443 5.230.55.29:443 5.230.70.181:443 5.230.71.148:443 5.230.74.96:443 5.230.77.142:443 aliyum.org appclub.live crypto-wise.co dgps-govpk.co jupyt.tech ntcpak.live office.ntcpak.live tsinghua-edu.tech amarsonarbangla123.dgps-govpk.co api.crypto-wise.co bangladeshnavy.dgps-govpk.co emv1.crypto-wise.co mailotloc.aliyum.org mailotlook.aliyum.org mta-sts.crypto-wise.co # Reference: https://www.virustotal.com/gui/ip-address/98.142.254.94/relations dgps-govpk.com # Reference: https://www.virustotal.com/gui/ip-address/98.142.254.83/relations dgps-govpk.org # Reference: https://www.virustotal.com/gui/ip-address/5.230.73.238/relations1 libqstur.tech # Reference: https://twitter.com/suyog41/status/1768558626929860749 # Reference: https://twitter.com/k3yp0d/status/1789806184175685805 # Reference: https://www.virustotal.com/gui/ip-address/146.70.157.120/detection # Reference: https://www.virustotal.com/gui/ip-address/146.70.80.58/detection # Reference: https://www.virustotal.com/gui/file/92145633823ed4a4c56915ab81f6bc0582fd27700d8515400edd0a153d39829f/detection # Reference: https://www.virustotal.com/gui/file/736315462b91943de9df6210db3bb52564982dd6c758d06ea79e3a404548569b/detection # Reference: https://www.virustotal.com/gui/file/6e4a4d25c2e8f5bacc7e0f1c8b538b8ad61571266f271cfdfc14725b3be02613/detection # Reference: https://www.virustotal.com/gui/file/316e01b962bf844c3483fce26ff3b2d188338034b1dbd41f15767b06c6e56041/detection # Reference: https://www.virustotal.com/gui/file/2f5f44863048243c1bbec6e16b1c0902f8c61d61fdb8277f5c514b2f04ce8993/detection # Reference: https://www.virustotal.com/gui/file/2027a5acbfea586f2d814fb57a97dcfce6c9d85c2a18a0df40811006d74aa7e3/detection # Reference: https://www.virustotal.com/gui/file/3e35834b72b475952ae60ea8479ebe3638e204df414a838dfe143081f6729d8e/detection packageupdates.net syncscheduler.com /r3diRecT/redirector/ /r3diRecT/redirector/proxy.php # Reference: https://www.embeeresearch.io/advanced-guide-to-infrastructure-analysis-tracking-apt-sidewinder-domains/ amazonas-gov.co cabinet-download-server.top cnsa-gov.com ctd.govt-pk.com documents-server-pk.top ecp.govt-pk.com embajadadenepal.es.govt-pk.com ep-gov-pk.christmas ep-gov-pk.icu gov-govpk.info goverment-pk-update.top justice-gov.info mail-govpk.com mod-gov-pk.live mohre-gov.info moma-gov-pk.org my-gov-confirm.org nadra-govpk.com ncsc-gov.com newmofa.org nitb-update-services.top pakistan-mofa.cloud paknavy-govpk.com pmo.documents-server-pk.top pta-govpk.com s3-network-pakistan.online services-pk-users.top update-govpk.co # Reference: https://x.com/uslss_etr/status/1795534272725713221 # Reference: https://www.virustotal.com/gui/ip-address/46.183.187.190/relations # Reference: https://www.virustotal.com/gui/file/ceb93ee3093dbf1a49918ede81055018d9c0f0945a97f904a16951010cfbce61/detection dirctt88.co mfa-gov-lk.dirctt88.co moto.dirctt88.co office.dirctt88.co sp-nepalembassy-gov-np.dirctt88.co sparrso-gov-bd.dirctt88.co www-army-mil-bd.dirctt88.co # Reference: https://x.com/ginkgo_g/status/1801540845797315055 # Reference: https://x.com/Joseliyo_Jstnk/status/1804112721408835817 # Reference: https://www.virustotal.com/gui/ip-address/91.223.208.175/relations # Reference: https://www.virustotal.com/gui/file/c87e8d369a9718304e253ebe24da5267bf3a39f0b456c4191029b6be4bc04a42/detection # Reference: https://www.virustotal.com/gui/file/57d761453bbc6ba9ace467f4491d7a19b9c7e097f81d9772efbcd2f43ada4dce/detection mods.email mailnepalarmymil.mods.email mailarmylk.mods.email premier.mods.email # Reference: https://www.virustotal.com/gui/ip-address/89.150.40.43/relations # Reference: https://www.virustotal.com/gui/file/512a83f1a6c404cb0ba679c7a2f3aa782bb5e17840d31a034de233f7500a6cb9/detection # Reference: https://www.virustotal.com/gui/file/b72ac58d599e6e1080251b1ac45a521b33c08d7d129828a4e82a7095e9f93e53/detection session-out.com investigation04.session-out.com policy.session-out.com salary-cutting.session-out.com /fbd901_harassment/ # Reference: https://x.com/StrikeReadyLabs/status/1811134839598326198 # Reference: https://www.virustotal.com/gui/ip-address/5.230.35.199/relations # Reference: https://www.virustotal.com/gui/file/9572312a12605c6a6ea6447af6fc063f4196aeba523ed38ce2c5ff51c33d4831/detection dgps-govtpk.com reports.dgps-govtpk.com # Reference: https://x.com/RedDrip7/status/1813049510601630031 # Reference: https://www.virustotal.com/gui/file/15081f25bd44b8591d2895c33db7c238b6d52ffb5fbeb235b62d52e681c99249/detection mofa-filetransfer.servehttp.com # Reference: https://x.com/suyog41/status/1814216605414351325 # Reference: https://www.virustotal.com/gui/file/005188f4c96d1f996e260d4cd1f6cb51de8c02654520673506976004203328cc/detection paknavy.store heatwave.paknavy.store # Reference: https://x.com/suyog41/status/1814216605414351325 # Reference: https://www.virustotal.com/gui/ip-address/5.255.113.149/relations # Reference: https://www.virustotal.com/gui/file/c4627139cab65aed8b7639006fa4848516f5681dca4ddf483fd27aa2e9f645c2/detection pdfadobe.com mora.pdfadobe.com # Reference: https://x.com/suyog41/status/1814230027560501248 # Reference: https://x.com/suyog41/status/1815976875534975196 # Reference: https://www.virustotal.com/gui/file/a93a8e4bbd2b5af5b21b960f74a02b83d8b5e8c4ab8f5d3a8d5d676ccbc37c7b/detection office-updatecentral.com regionserverbackup.info /eigenvalue/Odyssey/froth/imminently/creep /eigenvalue/Odyssey/froth/imminently/empower /eigenvalue/Odyssey/froth/imminently/intervene /eigenvalue/Odyssey/froth/imminently/relaxations /eigenvalue/Odyssey/froth/imminently/ /eigenvalue/Odyssey/froth/ # Reference: https://x.com/wa1Ile/status/1816718243123593410 # Reference: https://www.virustotal.com/gui/ip-address/5.255.112.244/relations # Reference: https://www.virustotal.com/gui/file/b8294a2038c3e79a06ad1f35c1083edaa6591b393f8bba681384a103734c27e9/detection portdedjibouti.live leave.portdedjibouti.live notice.portdedjibouti.live wwww.portdedjibouti.live wwww.notice.portdedjibouti.live # Reference: https://www.virustotal.com/gui/ip-address/93.127.192.14/relations pk-govt.com army.mil.bd.pk-govt.com beoe.gov.pk-govt.com cabinet.gov.bd.pk-govt.com cabinet.gov.pk-govt.com ead.gov.pk-govt.com fia.gov.pk-govt.com fia.gov.pk.pk-govt.com finance.gov.pk-govt.com mod.gov.ba.pk-govt.com mod.gov.bd.pk-govt.com mofa.gov.bd.pk-govt.com mofa.gov.np.pk-govt.com mofa.gov.pk-govt.com mofa.gov.pk.pk-govt.com nepalembassyusa.org.pk-govt.com nepembassy.org.uk.pk-govt.com paknavy.gov.pk-govt.com paknavy.gov.pk.pk-govt.com pasb.mod.gov.pk-govt.com pmo.gov.bd.pk-govt.com pmo.gov.pk.pk-govt.com police.gov.bd.pk-govt.com prisons.punjab.gov.pk-govt.com prisons.punjab.pk-govt.com punjabpolice.gov.pk-govt.com sparrso.gov.bd.pk-govt.com # Reference: https://www.virustotal.com/gui/ip-address/193.29.57.101/relations geopk.org geo.org.pk mofa-govlk.com army.mil.bd.mofa-govlk.com gmail.com.mofa-govlk.com mod.gov.bd.mofa-govlk.com mofa.gov.bd.mofa-govlk.com pmo.gov.bd.mofa-govlk.com sparrso.gov.bd.mofa-govlk.com army.mil.bd.mofa-govlk.com gmail.com.mofa-govlk.com mod.gov.bd.mofa-govlk.com mofa.gov.bd.mofa-govlk.com pmo.gov.bd.mofa-govlk.com sparrso.gov.bd.mofa-govlk.com # Reference: https://x.com/StrikeReadyLabs/status/1820454673603768564 mofserviceserver.top shiftroof.top ofc.mofserviceserver.top pmofficepakistancloudserver.shiftroof.top # Reference: https://x.com/StrikeReadyLabs/status/1821133707077370041 # Reference: https://www.virustotal.com/gui/file/fec66a9aabf379d150ad51926b318f9c03edbe8f7e655193c036db6c0ba9a6b6/detection dowmload.info mofa-gov-pk.dowmload.info # Reference: https://www.virustotal.com/gui/domain/mofa-g0v-pk.workers.dev/relations mofa-g0v-pk.workers.dev sharepakistan.mofa-g0v-pk.workers.dev # Reference: https://www.virustotal.com/gui/ip-address/76.223.105.230/relations mofa-gov-pk.xyz # Reference: https://www.virustotal.com/gui/ip-address/195.35.10.141/relations mofa-gov-pk.site cons.mofa-gov-pk.site # Reference: https://x.com/k3yp0d/status/1821526304635650555 # Reference: https://www.virustotal.com/gui/file/b81c49fe252f763e43d2be298298ecc5d986c59e047efff6ecb928126e17f881/detection refnameit.life my.refnameit.life # Reference: https://x.com/StrikeReadyLabs/status/1818267844972306610 # Reference: https://www.virustotal.com/gui/file/6842aee028eaa07af8e8eba41bef019aee72fe245ca86be39efd2df883b2402c/detection xuzeest.buzz management.xuzeest.buzz # Reference: https://x.com/k3yp0d/status/1821523835214065877 # Reference: https://www.virustotal.com/gui/file/ffb1e4d9253ed97cc381826993a8812ac6c53f7a7d01793e282fc148102bdab3/detection screenpont.xyz ministryofficedownloadcloudserver.screenpont.xyz # Reference: https://x.com/mal_analysis136/status/1822672814924611748 # Reference: https://www.virustotal.com/gui/ip-address/5.255.121.188/relations dowmload.co fmprc-gov-cn.dowmload.co mod-gov-bd.dowmload.co mofa-gov-bd.dowmload.co mofa-gov-pk.dowmload.co punjabpolice-gov-pk.dowmload.co www-army-mil-bd.dowmload.co # Reference: https://x.com/suyog41/status/1822904355777138829 # Reference: https://www.virustotal.com/gui/ip-address/213.183.55.52/relations # Reference: https://www.virustotal.com/gui/file/a84b3dd5f7d29d8d257fdef0ede512ae09e6cd5be7681b9466a5c60f6f877c2b/detection pmd-offc.info moittadvisory.pmd-offc.info # Reference: https://x.com/mal_analysis136/status/1822916700762984543 # Reference: https://x.com/suyog41/status/1824001819149799434 # Reference: https://www.virustotal.com/gui/ip-address/5.255.121.168/relations # Reference: https://www.virustotal.com/gui/ip-address/5.255.99.223/relations # Reference: https://www.virustotal.com/gui/file/bdbbb8fc621a1717e0dd373c143279db794a72a5bbd846ede92df412043623f7/detection pmd-office.info pmd-office.live cyber.pmd-offc.info office.pmd-office.info # Reference: https://x.com/StrikeReadyLabs/status/1826250092669751401 # Reference: https://www.virustotal.com/gui/file/e3802e7f09f499537271f80af7ca81ee1e6d8559164e644665cf50d0a43bccdc/detection pafmodernwebclient-srirj3dq.b4a.run # Reference: https://x.com/StrikeReadyLabs/status/1830774400397779262 # Reference: https://www.virustotal.com/gui/ip-address/194.68.44.55/relations document-viewer.live stae-org-mz.document-viewer.live # Reference: https://x.com/StrikeReadyLabs/status/1831386292728598949 # Reference: https://www.virustotal.com/gui/file/c2bc69085df7036bdef980932a2383b34a9fb76a92d85b9f377beca060053c17/detection pkinfo.live # Reference: https://x.com/StrikeReadyLabs/status/1833558192024142056 # Reference: https://www.virustotal.com/gui/file/5ba6e6deae5da0adf35e78319e9c528343a21f09863b879b3976351896578229/detection dellicon.top cloud.dellicon.top # Reference: https://x.com/StrikeReadyLabs/status/1836356550274826416 # Reference: https://www.virustotal.com/gui/ip-address/212.46.38.168/relations document-viewer.info customs.document-viewer.info office.document-viewer.info # Referemce: https://blog.cloudflare.com/unraveling-sloppylemming-operations/ 168-gov.info acrobat.paknavy-pk.org aljazeerak.online apl-com.icu apl-org.online aurora.dawn-904.workers.dev blabla.apl-com.icu browser.apl-org.online classifieds.workers.dev confidential.zapto.org crec-bd.site dawn.apl-org.online dawnnews.workers.dev docs.apl-com.icu epaper.dawn-323.workers.dev filebox-1-y7125191.deta.app fonts.apl-org.online gov-pkgov.workers.dev hascolgov.info helpdesk-lab.site herald-b2a.workers.dev hesco.hascolgov.info hit-pk.org humariweb.info hurr.zapto.org images-11d.workers.dev itsupport-gov.com locaal.navybd-gov.info localhost.apl-com.icu locall.hascolgov.info login.apl-org.online mail-islamabadpolice-gov-pk.ntc-telecommunication-safecity.workers.dev mail-na-gov-pk.na-gov-pk.workers.dev mail.apl-com.icu mail.pakistangov.com mofapak.info mozilla.apl-org.online na-gov-pk.workers.dev new.apl-org.online ntc-telecommunication-safecity.workers.dev obituary.workers.dev oil.hascolgov.info openkm.paknavy-pk.org owa-spamcheck.apl-org.online pakistangov.com paknavy-pk.org pitb.gov-pkgov.workers.dev pitb.zapto.org quran-books.store redzone.apl-org.online redzone2.apl-org.online sco.zapto.org sharepoint-punjab.sharepoint-e13.workers.dev storage-e13.sharepoint-e13.workers.dev update.apl-org.online updpcn.online zero-berlin-covenant.apl-org.online zoom.osutuga7.workers.dev # Reference: https://x.com/suyog41/status/1839593288455606483 # Reference: https://www.virustotal.com/gui/file/21c0756d52ca7947a83529e2cc7d3341f4626b8da05c256f5ec09034d147c6ba/detection desktopserver.top drive.desktopserver.top