# Copyright (c) 2014-2025 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: apt-04, apt-c-24, apt-q-39, rattlesnake, ta399, sloppylemming # Reference: https://twitter.com/Sebdraven/status/1052864520522223616 # Reference: https://medium.com/@Sebdraven/apt-sidewinder-changes-theirs-ttps-to-install-their-backdoor-f92604a2739 # Reference: https://www.virustotal.com/#/ip-address/185.106.120.43 heartissuehigh.win webserv-redir.net # Reference: https://twitter.com/Sebdraven/status/1140597344720830471 # Reference: https://app.any.run/tasks/d7ce191d-c04f-4eff-a13c-02cbe746c256/ # Reference: https://www.virustotal.com/gui/domain/cdn-dl.cn/relations # Reference: https://pastebin.com/rccqdjNB cdn-dl.cn bd-gov.cdn-dl.cn bdgov-mopa.cdn-dl.cn biaa-org-bd.cdn-dl.cn biaa-org.cdn-dl.cn gov-cn.cdn-dl.cn gov-pk.cdn-dl.cn hostmaster.cdn-dl.cn info-account.cdn-dl.cn ministry-gov.cdn-dl.cn ministry-interior-gov-pk.cdn-dl.cn mod-gov.cdn-dl.cn moe-gov.cdn-dl.cn moi-nadra.cdn-dl.cn mopa-bd.cdn-dl.cn mopa-bdgov.cdn-dl.cn mopa-govbd.cdn-dl.cn nadra-interior.cdn-dl.cn nadra-moi.cdn-dl.cn narda-moi.cdn-dl.cn neteease.cdn-dl.cn newmake.pw serve-dropbx-ap-east1.cdn-dl.cn suodeshui.cdn-dl.cn tiexue.cdn-dl.cn # Reference: https://twitter.com/Timele9527/status/1147750939576586244 http://167.86.116.39 # Reference: https://twitter.com/Timele9527/status/1147750939576586244 vidyasagaracademybrg.in/scripts/lnk/ vidyasagaracademybrg.in/scripts/am/ # Reference: https://twitter.com/Timele9527/status/1150597482310619136 # Reference: https://app.any.run/tasks/e15e1cd1-0c38-41b9-aa1e-a29562f17b3d/ # Reference: https://www.freebuf.com/articles/network/196788.html (Chinese) ap12.ms-update-server.net cdn-do.net cdn-edge.net cdn-list.net fb-dn.net google.com.d-dns.co msftupdate.srv-cdn.com nadra.gov.pk.d-dns.co pmo.cdn-load.net s2.cdn-edge.net s12.cdn-apn.net trans-pre.net webserv-redir.net # Reference: https://twitter.com/blackorbird/status/1160734383864610816 trans-can.net # Reference: https://mp.weixin.qq.com/s/pJ-rnzB7VMZ0feM2X0ZrHA cdn-ps.net # Reference: https://twitter.com/blackorbird/status/1189116884626493440 paknavy.gov.pk.ap1-port.net # Reference: https://twitter.com/Timele9527/status/1195272502135549953 # Reference: https://www.virustotal.com/gui/domain/reawk.net/details reawk.net # Reference: https://twitter.com/ccxsaber/status/1195281985335201794 sd1-bin.net # Reference: https://twitter.com/0xCARNAGE/status/1203882560176218113 # Reference: https://app.any.run/tasks/3abfc241-3ab0-4016-acbb-040b44199d52/ 185.225.17.239:443 # Reference: https://twitter.com/RedDrip7/status/1206898954383740929 ap1-acl.net # Reference: https://twitter.com/Timele9527/status/1211852764688478216 # Reference: https://app.any.run/tasks/c8469e19-96a0-4f2f-9765-72acf72dee05/ fincruitconsulting.in # Reference: https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/ # Reference: https://otx.alienvault.com/pulse/5e133ac9f5eaf331885e74b4 aws-check.net deb-cn.net ms-db.net ms-ethics.net # Reference: https://github.com/blackorbird/APT_REPORT/tree/master/sidewinder gov-pk.org # Reference: https://mp.weixin.qq.com/s/L3dVwbkfTABtE4ZYtv5r4w # Reference: https://otx.alienvault.com/pulse/5e206d8b77de0b2690b9946c 110.10.176.193:4443 # Reference: https://twitter.com/Timele9527/status/1247325070520750080 # Reference: https://twitter.com/Timele9527/status/1247327952238284800 # Reference: https://twitter.com/Timele9527/status/1247376905956765697 ap-ms.net d01fa.net fdn-en.net nrots.net # Reference: https://twitter.com/ShadowChasing1/status/1252547080070914048 link-cdnl.net # Reference: https://twitter.com/ccxsaber/status/1260775018306236416 au-edu.km01s.net # Reference: https://twitter.com/Arkbird_SOLG/status/1260727623539404800 kat0x.net # Reference: https://twitter.com/ShadowChasing1/status/1268214042637684738 # Reference: https://www.virustotal.com/gui/domain/chrom3.net/relations chrom3.net r0dps.net # Reference: https://twitter.com/ccxsaber/status/1281413683013287936 gov-mil.cn # Reference: https://twitter.com/ShadowChasing1/status/1284319235481538565 cdn-m1l.net tar-gz.net # Reference: https://twitter.com/cyber__sloth/status/1293183011916193793 # Reference: https://twitter.com/cyber__sloth/status/1293187616897028098 # Reference: https://twitter.com/Arkbird_SOLG/status/1293221669134372865 # Reference: https://app.any.run/tasks/e3501b33-28a2-4b7c-bc79-d20891c4832e/ http://111.229.73.84 202.58.104.100:81 # Reference: https://twitter.com/ShadowChasing1/status/1296710024643796992 # Reference: https://www.virustotal.com/gui/file/a89189f1c7c101c8d9c2637e571c4f8546df3ea557a576090cde7b75009981a9/detection fqn-cloud.net # Reference: https://twitter.com/ShadowChasing1/status/1297902086747598852 asw-edu.net filesrvr.net # Reference: https://twitter.com/cyber__sloth/status/1298187291295461376 # Reference: https://www.virustotal.com/gui/ip-address/185.141.25.136/relations mil-pk.net # Reference: https://twitter.com/ShadowChasing1/status/1308620752703299585 aws-pk.net cdn-aws-s2.net # Reference: https://twitter.com/ShadowChasing1/status/1316680709478604800 # Reference: https://twitter.com/mg2_tracy1/status/1316688407280586752 # Reference: https://www.virustotal.com/gui/file/280fb291d49f277067667838cdf30a940eaed9ed7712448158ea29e1ce6af86f/detection cdn-sop.net # Reference: https://twitter.com/ShadowChasing1/status/1324349418162720769 # Reference: https://twitter.com/ShadowChasing1/status/1324349684664528897 # Reference: https://www.virustotal.com/gui/domain/gov-pok.net/detection gov-pok.net # Reference: https://twitter.com/RedDrip7/status/1328639418110865409 # Reference: https://www.virustotal.com/gui/file/1cbec920afe2f978b8f84e0a4e6b757d400aeb96e8c0a221130060b196ece010/detection cdn-edu.net brep.cdn-edu.net # Reference: https://twitter.com/mg2_tracy1/status/1331153718931177473 # Reference: https://www.virustotal.com/gui/file/7238f4e5edbe0e5a2242d8780fb58c47e7d32bf2c4f860c88c511c30675d0857/detection ms-trace.net # Reference: https://www.trendmicro.com/en_us/research/20/l/sidewinder-leverages-south-asian-territorial-issues-for-spear-ph.html # Reference: https://www.virustotal.com/gui/ip-address/185.225.19.46/relations # Reference: https://otx.alienvault.com/pulse/5fd10760f9afb730d37c4742 185.225.19.46:4589 185.225.19.46:4875 gov-af.org gov-np.org aop.gov-af.org arg.gov-af.org imail.aop.gov-af.org mail-apfgavnp.hopto.org mail-apfgovnp.ddns.net mail-kmgcom.ddns.net mail-mfagovcn.hopto.org mail-mofagovnp.hopto.org mail-mofagovnp.zapto.org mail-mofgovnp.hopto.org mail-ncporgnp.hopto.org mail-nepalarmymilnp.duckdns.org mail-nepalgovnp.duckdns.org mail-nepalgovnp.zapto.org mail-nepalpolicegov.hopto.org mail-nepalpolicegovnp.duckdns.org mail-nrborg.hopto.org mail-nscaf.myftp.org mail-nscgovaf.hopto.org mail-ntcnetnp.serveftp.com mail.arg.gov-af.org techfriend.hopto.org # Reference: https://www.virustotal.com/gui/ip-address/83.171.236.49/relations mail-mofa.myftp.org mail-mohs.myftp.org microsoftfp.hopto.org nitcgov-np.hopto.org # Reference: https://twitter.com/BaoshengbinCumt/status/1342297125141454848 # Reference: https://www.virustotal.com/gui/file/c59c6c18f529c88cf352883b23af36f829b8ae1d17daa0762f028184cba7199b/detection cdn-re.net # Reference: https://twitter.com/ShadowChasing1/status/1345559958796914694 gov-mail.net # Reference: https://twitter.com/cyber__sloth/status/1346100925199478784 gov-af.net gov-crt.net gov-nadra.net gov-pbs.net gov-pmo.net # Reference: https://www.virustotal.com/gui/domain/gov-cn.net/relations gov-cn.net # Reference: https://www.virustotal.com/gui/domain/gov-cnn.net/relations gov-cnn.net # Reference: https://www.virustotal.com/gui/domain/paknavy-gov.net/detection paknavy-gov.net # Reference: https://www.virustotal.com/gui/file/4b5e0ad20a8d143567cc424edf2010146e24a0b729de7ca0f66292141d363e57/detection cdn-aws.net cdn-src.net # Reference: https://twitter.com/BaoshengbinCumt/status/1354270351702691843 del-ivery.net trans-aws.net # Reference: https://twitter.com/jfslowik/status/1362782587345727492 cdn-secure.net # Reference: https://twitter.com/h2jazi/status/1363683531067715584 # Reference: http://hackdig.com/02/hack-280699.htm # Reference: https://app.any.run/tasks/b88e935c-b17a-4429-acdc-65156804ad1c/ # Reference: https://otx.alienvault.com/pulse/6033e84e6fb8fc369323e8e3/ 151.236.11.147:57670 alsalaf.info gov-pk.info govt-pk.org gov-pak.org pk-gov.org attachments.gov-pk.info nhsrcgovpk.servehttp.com contact.gov-pak.org onedrives.pk-gov.org support.govt-pk.org support.gov-pak.org support-gov.myftp.org # Reference: https://twitter.com/DeadlyLynn/status/1367746507974270981 # Reference: https://www.virustotal.com/gui/file/bb58796f79a913a985eb41f0d12446e7ae8fe99fd3f0d432d77d8d82f202bf5f/detection cdn-pak.net fqn-mil.net mailmofagovpk.cdn-pak.net # Reference: https://twitter.com/BaoshengbinCumt/status/1369916500014821377 afd-bdmil.cdn-pak.net fmprc.cdn-pak.net ibn.cdn-pak.net mofa.cdn-pak.net oimc.cdn-pak.net pakbj.cdn-pak.net poly.cdn-pak.net trgdte.cdn-pak.net # Reference: https://www.virustotal.com/gui/domain/www-cdn.net/relations www-cdn.net # Reference: https://twitter.com/ShadowChasing1/status/1384743822953877505 afohs.mod-pak.co fbr.mod-pak.co shaheenfoundation.mod-pak.co mod-pak.co # Reference: https://twitter.com/BaoshengbinCumt/status/1384792855692988416 # Reference: https://www.virustotal.com/gui/ip-address/185.163.45.56/relations # Reference: https://www.virustotal.com/gui/file/37a3855e05c63fdab773fdd39da021f2daf1961cc8137385db079960bdfa18c7/detection edu-mil.cn iugur.live bmac.iugur.live mofa.iugur.live # Reference: https://twitter.com/BaoshengbinCumt/status/1387233200871673856 # Reference: https://mp.weixin.qq.com/s/GWVz02_jGaUt_n9JxB1OwQ autodiscover.mofagov-pk.online cpanel.mofagov-pk.online cpcalendars.mofagov-pk.online cpcontacts.mofagov-pk.online dgmi-share-folder-nepalarmy-mil-np-coas-sambodhan-pdf.netlify.app email-nepalarmy-mil-np-owa.netlify.app imail.aop.gov.af.egateway.nsc-gov.com mail-nepalarmy-mil-np-fsdafjsd.herokuapp.com mail-nepalarmy-mil-np-login-download.netlify.app mail-nepalarmy-mil-np-view.netlify.app mail-nepalpolice-gov-np-loginn.herokuapp.com mail-nscaf.hopto.org mail-ntmail-ntcnetnp.serveftp.comcnetnp.serveftp.com mail.mofagov-pk.online medeclinic.ae mil-pk.net mod-cn.trans-del.net mofagov-pk.naatlibrary.com mofagov-pk.online naatlibrary.com nepalarmy.trans-del.net nsc-gov.com nsc-gov.net polyinc-global.trans-del.net trans-del.net webdisk.mofagov-pk.online webmail.mofagov-pk.online www-punjabpolice-gov-pk-sopforsecurityofforeignersandchinese.trans-aws.net # Reference: https://twitter.com/ShadowChasing1/status/1391976060472860675 paf-gov.com img-google.paf-gov.com # Reference: https://twitter.com/ShadowChasing1/status/1396809305194590211 # Reference: https://www.virustotal.com/gui/file/caaf44f16dcbee93071887ab6844ed79975ccd20f9008deb93c13bfdb436e0b0/detection bahariafoundation.org pmaesa.bahariafoundation.org # Reference: https://twitter.com/ShadowChasing1/status/1397135889327804417 comsates.org crisismanagementunit.comsates.org mofa-gov-pk-wireless.comsates.org # Reference: https://twitter.com/ShadowChasing1/status/1398171992554053632 # Reference: https://www.virustotal.com/gui/file/ff54e9228b7160f9272d67ad1423600d2cb7aa4d335412a28b11f63a517270fe/detection cdn-gov.net # Reference: https://twitter.com/Des00464472/status/1399969790471507968 paknavy-gov-cvic.fbise.org # Reference: https://twitter.com/BaoshengbinCumt/status/1403292104671916032 cdn-in.net punjabpolice.gov.pk.standingoperatingprocedureforemergencythreat.cdn-in.net # Reference: https://twitter.com/ShadowChasing1/status/1412695070659153925 # Reference: https://twitter.com/0xrb/status/1412727167151005703 pakmarines.com as.pakmarines.com dsadsa.pakmarines.com gov.pakmarines.com jmicc-gov-pk.pakmarines.com pmaesa.pakmarines.com pnwc-gov-pk.pakmarines.com pqa.gov.pakmarines.com # Reference: https://twitter.com/ShadowChasing1/status/1420762840479109122 # Reference: https://twitter.com/ShadowChasing1/status/1420762846980308999 # Reference: https://www.virustotal.com/gui/file/468351924d611359fb181855331da98359bb1b926b5ce3ee8cd3330986d6e12c/detection # Reference: https://www.virustotal.com/gui/file/84d5a31227eaa3be1134bb6f5a2f92c2621e738ee0c0c4f84758ae8d79d09526/detection pak-web.com fbr.pak-web.com # Reference: https://twitter.com/malwrhunterteam/status/1109085127290900480 nitb.pk-gov.org # Reference: https://mp.weixin.qq.com/s/dMFyLxsErYUZX7BQyBL9YQ (Chinese) # Note: APT-C-48 http://213.227.154.175 http://78.142.29.118 141.136.0.91:443 213.227.154.175:443 91.193.18.248:443 cert.pk-gov.org dns1.pk-gov.org nccs.pk-gov.org ntc-pk.sytes.net quwa-paf.servehttp.com /F453457Pl_TMP347923592380/ /pl200_TMP2831474WDF.php # Reference: https://twitter.com/ShadowChasing1/status/1466001768765018116 # Reference: https://www.virustotal.com/gui/file/38853bf262979313483310502d14a78db147586880d34571edf4d90e4bf05eb1 mofa.live aitkenspencelogistics.mofa.live careitservices.mofa.live dsfvgbh.mofa.live paknavy.mofa.live # Reference: https://twitter.com/ShadowChasing1/status/1466686780531363840 # Reference: https://www.virustotal.com/gui/file/92dbd7f4399bce8b75e2c248af855df498bbed7e342c2d98ff6fcf15b611c50e webarchive-datacenter.herokuapp.com # Reference: https://blog.malwarebytes.com/threat-intelligence/2021/12/sidecopy-apt-connecting-lures-to-victims-payloads-to-infrastructure/ afghannewsnetwork.com afrepublic.xyz amsss.in appsstore.in eurekawatersolution.com maajankidevisevasansthan.org newsroom247.xyz republicofaf.xyz scouttable.xyz securecheker.in securedesk.one scout.fontsplugins.com # Reference: https://twitter.com/souiten/status/1467674804211777536 # Reference: https://twitter.com/souiten/status/1467689489145339915 # Reference: https://twitter.com/souiten/status/1467693133001486337 # Reference: https://www.virustotal.com/gui/file/04206a2217be8d09e6dc6989d2a2b9aae8623f8fac962e5e07d9fa1a1577998b/detection 173.212.242.43:57149 paryavaranindia.com/css/files/docs/Updated-Leave-Rules-Fourth-Edition/css paryavaranindia.com/css/files/hulfz/ # Reference: https://twitter.com/h2jazi/status/1469399194435735553 # Reference: https://twitter.com/h2jazi/status/1469399196369313792 # Reference: https://www.virustotal.com/gui/file/2cf842ec2bac099d200c079375a4be7a4d0b3b5869dd739582b7df168e6c4fb6 # Reference: https://www.virustotal.com/gui/file/a7b52acc18ce7fd14b4a410019a1f0042a6743dcbe887e82d498130848ce195c/detection # Reference: https://www.virustotal.com/gui/file/c02108f0b413ecdcb8fe48ff445cb75d45324bfd06734011409de57c7cfdeb73/detection # Reference: https://www.virustotal.com/gui/file/4219de40e65c89ecba9bd392f744fa26b867cad82d1b994e1e9266482089d8f9/detection # Reference: https://www.virustotal.com/gui/file/16467586cb1a11ce2e1ca81ae6fb490fbc8f5602245f883c14e940189dfd2b79/detection http://62.171.172.199 62.171.172.199:443 62.171.172.199:81 # Reference: https://twitter.com/GGGGh0st/status/1471323446713864193 # Reference: https://www.virustotal.com/gui/file/1bf584616477e16b54d6be7ce4d69f7ea26ee7841ec9a17ed162f4d560ab125a/detection 62.171.187.53:43 62.171.187.53:44 62.171.187.53:45 # Reference: https://twitter.com/ShadowChasing1/status/1474901903418949636 # Reference: https://twitter.com/ShadowChasing1/status/1474901905474129922 # Reference: https://www.virustotal.com/gui/file/d3a0b7c5a1eafbf7d381b6ee064083496476163da5dfed53096fac36c2b30738/detection bahariafoundation.live compress.bahariafoundation.live invitation.bahariafoundation.live mohgovsg.bahariafoundation.live pnwc.bahariafoundation.live # Reference: https://twitter.com/ShadowChasing1/status/1435546349856907268 # Reference: https://www.virustotal.com/gui/file/da08044373bc9bd54fd2ead9705446917e8f6e53d32f0885854e720e601cdbef/detection asw-sns.link edu-cx.org afd.edu-cx.org f.edu-cx.org fsfdsf.edu-cx.org go.edu-cx.org mofagovpk.edu-cx.org paknavy.edu-cx.org rkvisa200de.edu-cx.org rrkvisa200de.edu-cx.org yahoo.edu-cx.org # Reference: https://twitter.com/ShadowChasing1/status/1433038639961804800 # Reference: https://www.virustotal.com/gui/file/8a1c9a28ba0c74bafd71705aa12128831d66bbae06536a81d680cd207e740a65/detection ppra.live nima.ppra.live # Reference: https://twitter.com/ShadowChasing1/status/1427258373532119044 # Reference: https://www.virustotal.com/gui/file/66ddbdfe9328d6a3f49abbb814252617fce0e05934ceeef9813e8bd30385fe50/detection ppinewsagency.live behr.ppinewsagency.live # Reference: https://twitter.com/h2jazi/status/1478496217789341698 # Reference: https://www.virustotal.com/gui/file/df0b09c9f359f2e086e5e6b78f6fc6f63c9be1c6023cc6ee1e698d6e0daba31b/detection teckblog.live ms.teckblog.live # Reference: https://twitter.com/s1ckb017/status/1478750005594927109 # Reference: https://twitter.com/s1ckb017/status/1478750907827429380 # Reference: https://twitter.com/500mk500/status/1478758092611407876 # Reference: https://www.virustotal.com/gui/ip-address/164.68.108.153/relations # Reference: https://www.virustotal.com/gui/file/88a174855020c69d7719779a09c9b1058ec6732aa0fb04343c1d82fe13ca2e6e/detection # Reference: https://www.virustotal.com/gui/file/f4777f8751ed6818a693817513a5685f13a249803658d1f12190d7b1aa26079e/detection # Reference: https://www.virustotal.com/gui/file/9abd42a9f2cc147db47d4bb9598870eab96a2094964e97a6cb231f58d4d4ada2/detection # Reference: https://www.virustotal.com/gui/file/c401fc82d3ffdf118aac1bc247838fcd554b7faa3fd10aaa00ed83d80d00b87b/detection 164.68.108.153:4142 164.68.108.153:5000 164.68.108.153:8062 digitalworldonline.net # Reference: https://twitter.com/uslss_etr/status/1478784684452720646 # Reference: https://www.virustotal.com/gui/domain/paknvay-pk.net/relations # Reference: https://www.virustotal.com/gui/ip-address/94.158.245.67/relations # Reference: https://www.virustotal.com/gui/file/146e2c51cd7c904e0eeb641daa6ee956e80b48b198b9d2a9fd9b92b68399f9d1/detection # Reference: https://www.virustotal.com/gui/file/e74be8bbad2fa8577b7383e6ad4dffd5d0cd44e75c0a7148a971c417d38d8ee7/detection paknvay-pk.net careitservices.paknvay-pk.net dgpr.paknvay-pk.net mofa.paknvay-pk.net # Reference: https://www.virustotal.com/gui/domain/cdn-noc.net/relations cdn-noc.net # Reference: https://twitter.com/souiten/status/1474200802344386560 # Reference: https://www.virustotal.com/gui/file/ed4912f09e212479a319de1e95dd3e7d0e3574658be60782369c0e7a19ae0173/detection 62.171.172.199:88 # Reference: https://twitter.com/h2jazi/status/1479502335328112645 # Reference: https://www.virustotal.com/gui/ip-address/144.126.141.41/relations # Reference: https://www.virustotal.com/gui/file/d15f76acb846b237956a6373bd6646ef804419dd9a9fd3c9501acc241fcddff9/detection # Reference: https://www.virustotal.com/gui/file/947b81c1ecdb34533f7bc9c41d6678fa525c17eae5b8f383e89c6c66db0743c1/detection afcat.xyz # Reference: https://twitter.com/alex_lanstein/status/1479569375971713029 # Reference: https://pastebin.com/9HwieuS2 moma-pk.org dfgrthy.moma-pk.org mofa.moma-pk.org sppc.moma-pk.org # Reference: https://www.virustotal.com/gui/domain/cvix.live/relations cvix.live cn.cvix.live cosmic.cvix.live defencelk.cvix.live mailaplf.cvix.live mailmfagovnp.cvix.live mailmofagoug.cvix.live mailmofagovpk.cvix.live mailoutlookcom.cvix.live mailyahoocom.cvix.live # Reference: https://twitter.com/ShadowChasing1/status/1481583143735808001 # Reference: https://www.virustotal.com/gui/file/cb933361cd6c26ca61c441a40da394a505086f572fd7e9bd425bf086adf50edc/detection ministry-pk.net cabinet-gov-pk.ministry-pk.net # Reference: https://twitter.com/cyber__sloth/status/1485361081329631236 email-gov-in.digital mailnic.info indianarmy.mailnic.info kavach.mailnic.info mod.mailnic.info passapp.mailnic.info # Reference: https://twitter.com/uslss_etr/status/1489274205917044736 # Reference: https://www.virustotal.com/gui/file/85ab1c3ee01c5456eb45bf13c69dda88fa014a1dc5e832bdaa3e801a29d84ccd/detection aeltron.xyz incometaxreturn.aeltron.xyz instructions.aeltron.xyz rgdtyt.aeltron.xyz # Reference: https://twitter.com/ShadowChasing1/status/1490984172797984770 # Reference: https://www.virustotal.com/gui/file/eeeb99f94029fd366dcde7da2a75a849833c5f5932d8f1412a89ca15b9e9ebb7/detection mod-pk.com dgmp-paknavy.mod-pk.com # Reference: http://blog.talosintelligence.com/2022/02/whats-with-shared-vba-code.html # Reference: https://www.virustotal.com/gui/ip-address/45.153.240.66/relations changeworld.hopto.org mail-argaf.myftp.org mail-meagovmv.hopto.org mail-modaf.hopto.org mail-modgav.hopto.org mail-mofa.hopto.org mail-mofagovpk.myftp.org mail-mopitgovnp.hopto.org mail-nepalpolgavnp.hopto.org mail-nepalpolice.hopto.org mail-opmcmgavnp.hopto.org microsoft-winupdate.servehttp.com teamchat.hopto.org webmail-accbt.hopto.org webmail-morrgovaf.hopto.org # Reference: https://twitter.com/souiten/status/1491681294391992325 # Reference: https://www.virustotal.com/gui/file/44c720bc1adde78e11c202615260fb9e2e4301cf06edfefe06cde09a373a6c0e/detection asianetnews.xyz awww.asianetnews.xyz mofa-gov-pk.asianetnews.xyz ofa-gov-pk.asianetnews.xyz # Reference: https://assets.sentinelone.com/sentinellabs-apt/modified-elephant-apt bbcworld-news.net newsinbbc.com # Reference: https://twitter.com/uslss_etr/status/1496118824944697345 # Reference: https://www.virustotal.com/gui/file/94214e83441e3a6a5cde971f6abe0d4bf226fd0750a0ad26d2241c085de9b604/detection crclab-bahria.org dbms.crclab-bahria.org # Reference: https://twitter.com/__0XYC__/status/1502593457201811459 nationalhelpdesk.pk pkgov.org sngpl.org.pk bok.pkgov.org bop.pkgov.org csd.pkgov.org cybernet.pkgov.org dawn.pkgov.org energy.pkgov.org fauji.pkgov.org mail.pkgov.org mofa.pkgov.org myth.pkgov.org nespak.pkgov.org nitb.pkgov.org nlc.pkgov.org np.pkgov.org nrlpak.pkgov.org ns1.pkgov.org ns2.pkgov.org ntc.pkgov.org ntdc.pkgov.org ogdcl.pkgov.org pakoil.pkgov.org parco.pkgov.org pmo.nationalhelpdesk.pk pmsa.pkgov.org ptcl.pkgov.org ptv.pkgov.org radio.pkgov.org sco.pkgov.org ssgc.pkgov.org sui.nationalhelpdesk.pk wapda.pkgov.org web.sngpl.org.pk whale.pkgov.org email.nespak.pkgov.org email.nitb.pkgov.org email.nlc.pkgov.org lotussrv01.fauji.pkgov.org mail-corp.cybernet.pkgov.org mail.bok.pkgov.org mail.bop.pkgov.org mail.csd.pkgov.org mail.dawn.pkgov.org mail.mofa.pkgov.org mail.nrlpak.pkgov.org mail.ntc.pkgov.org mail.ntdc.pkgov.org mail.ogdcl.pkgov.org mail.pakoil.pkgov.org mail.pkgov.org mail.pmsa.pkgov.org mail.ptv.pkgov.org mail.radio.pkgov.org mail.sco.pkgov.org parchqwebmail.parco.pkgov.org webmail.cybernet.pkgov.org webmail.ssgc.pkgov.org webmail.wapda.pkgov.org zmail.ptcl.pkgov.org # Reference: https://twitter.com/ShadowChasing1/status/1504347312838959106 # Reference: https://research.checkpoint.com/2022/state-sponsored-attack-groups-capitalise-on-russia-ukraine-war-for-cyber-espionage/ # Reference: https://www.virustotal.com/gui/domain/kpt-pk.net/relations # Reference: https://otx.alienvault.com/pulse/624c29baad734a210134b02c # Reference: https://www.virustotal.com/gui/file/f765b0b6e4a34eb95c6f0ddf058bc88d5ef9ec2b11a5f3504d1673f4f69aceca/detection kpt-pk.net awww.kpt-pk.net job.kpt-pk.net maritimepakistan.kpt-pk.net # Reference: https://twitter.com/ShadowChasing1/status/1512011407838961664 # Reference: https://www.virustotal.com/gui/file/37baf7415c755688e1e89679130b5cfd713d662330734eb310089d1f2afd82b8/detection ksew.org srilankanavy.ksew.org # Reference: https://twitter.com/ShadowChasing1/status/1518594904393355264 # Reference: https://www.virustotal.com/gui/file/5dfe303f04e3432101b676fa0f230667eb6c9bc1715d5b4042f99d9522aa00fe/detection ksewpk.com defrgthyj.ksewpk.com mofabn.ksewpk.com # Reference: https://twitter.com/botlabsDev/status/1522500574956109825 # Reference: https://www.virustotal.com/gui/file/b3caa7ce9a8de209d5a63ab95485c1181f7fca03346330fe92ff3c0a0a9c1040/detection paknavy.live awww.paknavy.live dxfgbdfh.paknavy.live pmsa.paknavy.live yfghvjb.paknavy.live # Reference: https://twitter.com/blackorbird/status/1526840629010894848 # Reference: https://mp.weixin.qq.com/s/qsGxZIiTsuI7o-_XmiHLHg # Reference: https://otx.alienvault.com/pulse/6285048d921d21c8d9beaf1f # Reference: https://www.virustotal.com/gui/domain/cssc.info/relations cssc.info job.cssc.info mailcantonfair.cssc.info mailcitifs.cssc.info mailgu.cssc.info mailmofa.cssc.info mailturkmenembassy.cssc.info mofa.cssc.info rancher.cssc.info sdgsfg.cssc.info # Reference: https://twitter.com/__0XYC__/status/1528616671103131649 # Reference: https://www.virustotal.com/gui/ip-address/92.118.190.165/relations # Reference: https://www.virustotal.com/gui/file/fedc3b7cdb07f7b6f5a6bc85720528057297282bfae7960b3d33001ab34a51d6/detection govpk-mail.net csd.govpk-mail.net finance.govpk-mail.net # Reference: https://twitter.com/__0XYC__/status/1529707301979947009 # Reference: https://twitter.com/0xrb/status/1529709439808602113 # Reference: https://www.virustotal.com/gui/domain/interior-pk.org/relations # Reference: https://www.virustotal.com/gui/file/6f4e89fce6a490d619cad9078079c6f6694b2798fc875288faa92b721f25d3cb/detection comsats.xyz interior-pk.org awww.interior-pk.org mofa-gov.interior-pk.org punjab.interior-pk.org paknavy.comsats.xyz # Reference: https://twitter.com/virqdroid/status/1532094635170238464 # Reference: https://twitter.com/ReBensk/status/1532245757322924032 # Reference: https://www.virustotal.com/gui/ip-address/2.56.245.21/relations pakgov.net covid.pakgov.net csd.pakgov.net dvdbhjk.pakgov.net finance.pakgov.net financial.pakgov.net flix.pakgov.net hajj.pakgov.net ji.pakgov.net nadra.pakgov.net ncoc.pakgov.net nhsrc.pakgov.net pt.pakgov.net vpn.pakgov.net wsde.pakgov.net ww2.pakgov.net # Reference: https://blog.group-ib.com/sidewinder-antibot # Reference: https://otx.alienvault.com/pulse/62987c8eafd38f2088986035 bahariafoundation.org bbcnew.cn bitlyy.me cdn-pak.net cloud-apt.net cr20g.org csd-pk.co cvix.live dawnpk.org docuserve.ltd edu-cx.org fdn-trace.net fileserve.work gov-mail.net gov.pakmarines govpk-mail.net iugur.live kdf-mail.com kpt-pk.net krlwin.org ksew.org mod-pk.com mohp-gov.org moma-pk.org paf-gov.net pafwa.info pak-gov.com pak-web.com pakgov.net pakgov.org pakmarines.com paknvay-pk.net pkrepublic.org ppinewsagency.live tin-url.com vpn-secure.co api.vpn-secure.co as.pakmarines.com askari.bitlyy.me askaribank.bitlyy.me bangladeshmarineacademylibrary.ppinewsagency.live bb.kdf-mail.com china.bbcnew.cn covid.bbcnew.cn covid.pakgov.net covid.pkrepublic.org covid19.mohp-gov.org csd.bitlyy.me csd.pakgov.net dasds.pak-gov.com dasdsadsa.pak-gov.com dawn.pakgov.org defencelk.cvix.live dgmp-paknavy.mod-pk.com dgpr.paknvay-pk.net dha.pakgov.org dsadsa.pakmarines.com dsasa.cr20g.org faujifoundation.bitlyy.me fbr.pak-web.com fdscv.tin-url.com finance.govpk-mail.net finance.pakgov.net financial.pakgov.net flix.pakgov.net hajj.pakgov.net hajjplanner.bitlyy.me hajjplanner.tin-url.com hbl.pakgov.org hpupdate.csd-pk.co ibn.cdn-pak.net independenceday.pafwa.info islamabadclub.docuserve.ltd islamicfinder.bitlyy.me ji.pakgov.net jp.pkrepublic.org karachishipyard.krlwin.org ltd.cdn-pak.net luckydraw.csd-pk.co mail.paf-gov.net mail.pak-gov.com mailmofagovpk.cdn-pak.net mailoutlookcom.cvix.live maritimepakistan.kpt-pk.net meet.kdf-mail.com min.tin-url.com ministryofinterior.fileserve.work mofa-gov-pk.fdn-trace.net mofa.iugur.live mofa.paknvay-pk.net nadra.pakgov.net ncoc.pakgov.net news.bitlyy.me news.dawnpk.org news.kdf-mail.com news.pakgov.org news.pkrepublic.org nhsrc.pakgov.net niims.pakgov.org paf.gov-mail.net pafroa.pak-gov.com paknavy.edu-cx.org pk.kdf-mail.com pkflix.bitlyy.me pkflix.tin-url.com pmaesa.bahariafoundation.org pqa.gov.pakmarines.com pt.pakgov.net sbp.pakgov.org sec-vpn.bitlyy.me secp.pakgov.org secure.tin-url.com shoprex.bitlyy.me smstest.kdf-mail.com sppc.moma-pk.org srilankanavy.ksew.org t.bitlyy.me telemart.bitlyy.me ubl.pakgov.org vim.kdf-mail.com vpn.pakgov.net vpn.tin-url.com wsde.pakgov.net wsed.pkrepublic.org ww2.pakgov.net xyz.kdf-mail.com # Reference: https://twitter.com/GroupIB_GIB/status/1532651046111023104 # Reference: https://www.virustotal.com/gui/file/e089dc65af44ff334304e52c29755c96460691d93cfd4e4ab75f75bc6078993e/detection # Reference: https://www.virustotal.com/gui/file/42b828e187e4b7f1ca5d774553c8b85c1fed204a2a5a8c50fd4c7e9a491fb118/detection almighty-allah.com supremeallah.world api.almighty-allah.com api.supremeallah.world # Reference: https://twitter.com/GroupIB_GIB/status/1532651049776865280 # Reference: https://www.virustotal.com/gui/domain/srvapp.co/relations # Reference: https://www.virustotal.com/gui/ip-address/185.225.19.142/relations # Reference: https://www.virustotal.com/gui/file/c17cbe229e743df8993b96f2887393b2565ae355f3ba61d09c901e552e7ee4d1/detection srvapp.co awww.srvapp.co discount.srvapp.co localhost.srvapp.co register.srvapp.co # Reference: https://twitter.com/blackorbird/status/1534373342446202881 # Reference: https://mp.weixin.qq.com/s/8j_rHA7gdMxY1_X8alj8Zg (Chinese) # Reference: https://www.virustotal.com/gui/file/d74900bf7418f3ad39a5ab27326ad6591f792d1dfdfe44deb89f1b319b7d83b4/detection afg-refugee.net brwse.co civix.live crclab-bahria.org cssc.info cvix.live dawnpk.org docusserve.cc docusserve.ltd doken.xyz fdn-mac.net filedownload.work gov-pk.net kpt-pk.net ministry-pk.net mod-pk.com mofa-pk.co nationpk.org norter.xyz paf-gov.net paf-mail.com pak-gov.net pakgov.net pakgov.org paknavy.live pkrepublic.org slap-games.club trik.live watch-earn.live api.watch-earn.live # Reference: https://twitter.com/h2jazi/status/1536330475656171520 # Reference: https://www.virustotal.com/gui/file/cf79ecafd3e1ae354fcf9cf33acdb06b6b64dc9a8128656a9d27ff94e154f9c4/detection bahriafoundation.live pnwc.bahriafoundation.live # Reference: https://otx.alienvault.com/pulse/62a864daa688835ed774c449 srvapp.co register.srvapp.co # Reference: https://twitter.com/h2jazi/status/1536707820799807489 # Reference: https://www.virustotal.com/gui/ip-address/5.230.71.95/relations # Reference: https://www.virustotal.com/gui/file/4bad3e34a192a8f305e188538b4370ea835446cc6ba32fe046d9a5f2bc3df172/detection jmicc.xyz navy.jmicc.xyz navy-mil-bd.jmicc.xyz # Reference: https://twitter.com/malwareforme/status/1540037682314629120 # Reference: https://www.virustotal.com/gui/ip-address/5.230.69.153/relations # Reference: https://www.virustotal.com/gui/file/ee77e136f7df758c2ab9092529dc5c6b64b35bc9f4d2c16c65bcd05965ccd92a/detection alit.live bdmil.alit.live mailmofa.alit.live mailh.alit.live # Reference: https://twitter.com/BaoshengbinCumt/status/1545247231938244610 mail-mofa-gov-pk-satellite-proposal-for-pakistan-files-ops.netlify.app # Reference: https://twitter.com/Malwar3Ninja/status/1545376308196147200 mofa-pk.org br.mofa-pk.org mofa.g0v.cq.cn # Reference: https://blog.checkpoint.com/2022/07/13/a-hit-is-made-suspected-india-based-sidewinder-apt-successfully-cyber-attacks-pakistan-military-focused-targets/ # Reference: https://otx.alienvault.com/pulse/62cffda72568807d4e9a9f2e # Reference: https://www.virustotal.com/gui/ip-address/5.230.67.73/relations # Reference: https://www.virustotal.com/gui/file/898513123f0f0342b1c47a4a65c88a60f895f90a9d0fa5fc5928c26dfab622b0/detection bgevin.live eterplicity.live polvcrit.info cdn.bgevin.live cdn.polvcrit.info /W6taHcwqKwhgzWGWr7ElpRAfWA7JcsXC0A2a4eFv/ # Reference: https://twitter.com/h2jazi/status/1549762807624880128 # Reference: https://www.virustotal.com/gui/file/cd1a9ae4a3968643a6fb41b36b67838d952dac83ad63c63ce4ad3c672fac31b8/detection kpt-gov.org discount.kpt-gov.org ksew.kpt-gov.org # Reference: https://twitter.com/h2jazi/status/1550524741202726919 # Reference: https://www.virustotal.com/gui/file/a28a5417d707ecae61313bd5b7c53736d40afba2280cd7ae673963075ae37072/detection paf-gov.org awww.paf-gov.org summer.paf-gov.org finance.paf-gov.org # Reference: https://twitter.com/Des00464472/status/1550064523964338176 # Reference: https://www.virustotal.com/gui/ip-address/5.230.72.15/relations ghaflah.top cdn.ghaflah.top # Reference: https://twitter.com/Des00464472/status/1548924681008590853 mawazna.info # Reference: https://twitter.com/Des00464472/status/1531519247293513728 bluket.live # Reference: https://twitter.com/Des00464472/status/1528935733888970753 # Reference: https://www.virustotal.com/gui/ip-address/185.234.72.188/relations # Reference: https://www.virustotal.com/gui/ip-address/45.138.172.23/relations balcon.live greploc.live cdn.greploc.live tray.balcon.live treaty.balcon.live # Reference: https://twitter.com/Des00464472/status/1555024895020769280 paf-media.com # Reference: https://twitter.com/Des00464472/status/1553931751852244992 # Reference: https://www.virustotal.com/gui/ip-address/192.71.166.139/relations ubrig.live cdn.ubrig.live # Reference: https://twitter.com/Des00464472/status/1559010528013729792 fritor.xyz cdn.fritor.xyz # Reference: https://twitter.com/Des00464472/status/1559395659559899136 # Reference: https://www.virustotal.com/gui/ip-address/151.236.21.26/relations nelpec.top cdn.nelpec.top # Reference: https://twitter.com/uslss_etr/status/1562641328055336960 # Reference: https://www.virustotal.com/gui/ip-address/103.149.46.237/relations # Reference: https://www.virustotal.com/gui/file/efac11fcecbceb4e6273852207a3875ac1edd69158415c3a0bba704e58adeb2c/detection office-drive.live dsfbgnh.office-drive.live sl-navy.office-drive.live # Reference: https://twitter.com/Des00464472/status/1567657961887252480 # Reference: https://www.virustotal.com/gui/ip-address/5.255.104.124/relations cssc.live mailarmy.cssc.live mailoutlook.cssc.live # Reference: https://twitter.com/Des00464472/status/1569818563657224193 gov-pknet.org # Reference: https://twitter.com/malwrhunterteam/status/1570061932706635781 # Reference: https://twitter.com/h2jazi/status/1570070185620512768 # Reference: https://www.virustotal.com/gui/file/719cbc3e08d90d557d464f1a27498626c1b76d6e8db302cb53cb3013a1c35dee/detection d2klia4zfdp2mg.cloudfront.net # Reference: https://twitter.com/uslss_etr/status/1570487402694590464 # Reference: https://www.virustotal.com/gui/file/53cc8f46f10e4b3958834d75b15db3aa0d8c86a63b8bd3e6ac180c05ce27d748/detection ptcl-gov.com mofadividion.ptcl-gov.com # Reference: https://twitter.com/Des00464472/status/1571639928483885056 hare-ap.live # Reference: https://twitter.com/RedDrip7/status/1575745702021705728 # Reference: https://www.virustotal.com/gui/file/e6a6066594160a053fe7d68d688b95920936d5880a37a2c91872fb2fc128adf6/detection # Reference: https://www.virustotal.com/gui/file/5eec9df0c62b8a0d8c922d366e38ac91907d2a7f5cd13a717d7714015ae362c1/detection # Reference: https://www.virustotal.com/gui/file/37eca58386fbf9c1e381f88776435565623e3d2d1e2b01218f7717b963449735/detection comsats-net.com lforvk.com moma.comsats-net.com promotionlist.comsats-net.com srilanka-navy.lforvk.com # Reference: https://twitter.com/__0XYC__/status/1580083623717658624 # Reference: https://twitter.com/__0XYC__/status/1580796395052670976 # Reference: https://www.virustotal.com/gui/file/cd592c969a3a940e43888a1902ec9e4605ed28676d3945ab84d72175fbc87253/detection # Reference: https://www.virustotal.com/gui/file/bbcca0dc10b700c01e557612f009c050ca618f227e0b8be3d4f471dd9d887a18/detection comsats-mail.pk ntc-gov.com paf-pk-gov.org finance.gov.pk.ntc-gov.com # Reference: https://twitter.com/Des00464472/status/1582922779707703297 bentec.tech front.bentec.tech # Reference: https://twitter.com/t3ft3lb/status/1582838910857932802 # Reference: https://www.virustotal.com/gui/file/808058f4e1c47b91cacfc032f348a617961a463d19ee5389f472d29c65197438/detection tsinghua.institute awww.tsinghua.institute fdgnyt.tsinghua.institute mail.tsinghua.institute # Reference: https://twitter.com/ShadowChasing1/status/1583063616667799552 # Reference: https://www.virustotal.com/gui/file/b27968c0d0f55a06cbf424cacf62d0b22e64f021c72d51d4adb0c1771709fe70/detection gov-net.co finance.gov-net.co # Reference: https://www.zscaler.com/blogs/security-research/warhawk-new-backdoor-arsenal-sidewinder-apt-group-0 (# WarHawk) # Reference: https://www.virustotal.com/gui/ip-address/3.239.29.103/relations # Reference: https://www.virustotal.com/gui/file/58b3686e4255d32dbcf7dee9dac1d5be6d4692d086cde167da1e1a5e0e1b315a/detection # Reference: https://www.virustotal.com/gui/file/624c6b56ee3865f4a5792ad1946a8e86b876440a5af3bac22ac1dee92f1b7372/detection # Reference: https://www.virustotal.com/gui/file/7d3574c62df44b74337fc74ec7877792b4ffa1486a49bb19668433c3ca8836b5/detection # Reference: https://www.virustotal.com/gui/file/f97d5d3e1c2ceb3e9d23ae5b5d4e7c9857155df5acf7f67fee995cb041c797dc/detection http://146.190.235.137 74.125.196.113:53 customs-lk.org fia-gov.org nadra-pk.org 1c1157fa.caa.update.customs-lk.org 1d06bfb2.check.update.fia-gov.org 1d06bfb2.local.update.fia-gov.org 1d06bfb2.scan.update.fia-gov.org 64115cb6.check.update.fia-gov.org 753fa5b2.check.update.fia-gov.org a.bc.1d06bfb2.check.update.fia-gov.org a.bc.1d06bfb2.local.update.fia-gov.org a.bc.1d06bfb2.scan.update.fia-gov.org a.bc.64115cb6.check.update.fia-gov.org bc.1d06bfb2.local.update.fia-gov.org bc.1d06bfb2.scan.update.fia-gov.org bc.753fa5b2.check.update.fia-gov.org caa.update.customs-lk.org check.update.fia-gov.org generic.update.fia-gov.org lms.update.fia-gov.org local.update.fia-gov.org microsoft.update.fia-gov.org nadra.update.customs-lk.org scan.update.fia-gov.org update.customs-lk.org update.fia-gov.org nepra.org.pk/css/32-Advisory-No-32.iso /wh/glass.php # Reference: https://twitter.com/Des00464472/status/1585171289261891585 plokin.top count.plokin.top # Reference: https://twitter.com/Timele9527/status/1585824832842653696 # Reference: https://twitter.com/Timele9527/status/1585824983598538752 alit.info civix.site direct88.org fenctor.top file-server.co gov-netpk.net hblbank.co marksafe.org net-pk.org outlookk.co paf-govt.com paf-govt.org pak-navy.co paknavy.net paknavygov.org playstore.cloud reas.tech supportgovpk.co tinlly.co tinly.org vopler.tech # Reference: https://twitter.com/Des00464472/status/1586959212596563968 tonse.info rock.tonse.info # Reference: https://twitter.com/jaydinbas/status/1591096310870179840 # Reference: https://www.virustotal.com/gui/ip-address/5.230.74.58/relations # Reference: https://www.virustotal.com/gui/file/ee2018f7b42ed56fb8b272c9662bf9ddd01f6058abd756019a857a33e54d8faf/detection mofagov.com mailnepalarmy.mofagov.com # Reference: https://twitter.com/Des00464472/status/1592039315823276032 play-store.co google.play-store.co hostmaster.play-store.co # Reference: https://twitter.com/Des00464472/status/1592393354138259457 # Reference: https://www.virustotal.com/gui/ip-address/192.36.41.43/relations fbr.net-pk.org # Reference: https://twitter.com/Des00464472/status/1597099850075901957 # Reference: https://www.virustotal.com/gui/ip-address/158.255.211.188/relations # Reference: https://www.virustotal.com/gui/file/023a9b64f4a97bebca72cbfa58553cf7ab3f6b80beba908447a441ef4870f284/detection mofs-gov.org mailpakbj.mofs-gov.org mailv.mofs-gov.org # Reference: https://twitter.com/Des00464472/status/1597474158367379456 graty.tech guide.graty.tech # Reference: https://twitter.com/RedDrip7/status/1598252489866121216 # Reference: https://www.virustotal.com/gui/ip-address/5.230.73.106/relations # Reference: https://www.virustotal.com/gui/file/cd09bf437f46210521ad5c21891414f236e29aa6869906820c7c9dc2b565d8be/detection bol-north.com abc.bol-north.com cdsve.bol-north.com dgdfvdf.bol-north.com dger.bol-north.com dvdf.bol-north.com fyujv.bol-north.com pnwc.bol-north.com pnwc.bol-north.com # Reference: https://twitter.com/Des00464472/status/1599652629403299840 appsrv.live # Reference: https://twitter.com/malwareforme/status/1600150609616949248 # Reference: https://www.virustotal.com/gui/file/bc9d4eb09711f92e4e260efcf7e48906dca6bf239841e976972fd74dac412e2f/detection downld.net paknavy-gov-pk.downld.net # Reference: https://twitter.com/t3ft3lb/status/1605501885531553797 # Reference: https://www.virustotal.com/gui/file/46cc2e14b7daeadc9f7e5be5cb2004f1370620c93ac97a31cd9a7d329211fd9e/detection paf-govt.net csd.paf-govt.net # Reference: https://twitter.com/fr0s7_/status/1605917826711048193 # Reference: https://www.virustotal.com/gui/file/a2faee1e5fe8717d6360458f1fd6d83902a2c9c6bb2e84f9ea5e4b67ffafbebd/detection foodies.alit.info mail.alit.info maildefence.alit.info mailmofa.alit.info # Reference: https://twitter.com/Des00464472/status/1621434286816759808 # Reference: https://www.virustotal.com/gui/ip-address/5.255.105.243/relations pmdu-gov.org dsfgb.pmdu-gov.org elchxdnj.pmdu-gov.org ghj.pmdu-gov.org qhacgeao.pmdu-gov.org # Reference: https://twitter.com/GroupIB_TI/status/1625762101758140416 http://160.20.147.84 http://185.163.47.226 http://185.243.112.186 http://185.248.101.231 http://185.248.102.15 http://194.32.76.244 http://45.153.240.66 http://45.92.156.114 http://46.30.188.222 http://5.2.79.135 http://83.171.236.49 akamai.servehttp.com bankofceylon.sytes.net expolanka.serveftp.com gavaf.org gavnp.org lankabelltd.myftp.org mail-mohs.ddns.net mail.gavaf.org mail.nepal.gavnp.org nepal.gavnp.org nic-share.myftp.org nucleusvision.co outlook.gavaf.org sltelecom.servehttp.com sltmobitel.hopto.org srilankanairlines.redirectme.net webmail.gavaf.org windowupdate.myftp.org /@/@/h31l0 # Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1626044765874814977 # Reference: https://www.virustotal.com/gui/ip-address/62.113.255.80/relations # Reference: https://www.virustotal.com/gui/file/0ad752520774efca09add91df67ec72d2b1a8b503975569b077e43f40fc7a599/detection mod-gov.org gysdj.mod-gov.org iididbiy.mod-gov.org service.mod-gov.org slpa.mod-gov.org # Reference: https://twitter.com/ThreatBookLabs/status/1628764544331059201 sinacn.co # Reference: https://twitter.com/jaydinbas/status/1629149185806069761 # Reference: https://www.virustotal.com/gui/file/f81d1c47a666d4ec32e69b3e1312dda62c932298e32cc42d5c0c6543589d96be/detection # Reference: https://www.virustotal.com/gui/file/3ed1dc92e8399f062e5e62e5483a87736e51ad4ce651f0628abf98d5e10aee27/detection kcps.edu.in/css/fonts/files/jquery/ kcps.edu.in/css/fonts/files/ntsfonts/ kcps.edu.in/css/fonts/files/docs/graentsodocumentso/ganeshostwoso/ /graentsodocumentso/ganeshostwoso/ /graentsodocumentso/ /ganeshostwoso/ # Reference: https://twitter.com/StopMalvertisin/status/1630934296113577984 # Reference: https://www.virustotal.com/gui/file/cdcc1e6e62df117cc40103c3b2821c10fd5f0372cf06e238663e634a05741764/detection hpuniversity.in # Reference: https://twitter.com/suyog41/status/1633822870601363457 # Reference: https://twitter.com/bofheaded/status/1634309581705715712 # Reference: https://twitter.com/fmc_nan/status/1634096201577660416 # Reference: https://www.virustotal.com/gui/file/9aed0c5a047959ef38ec0555ccb647688c67557a6f8f60f691ab0ec096833cce/detection 144.91.72.17:8080 cornerstonebeverly.org/js/files/DRDO-K4-Missile-Clean-room cornerstonebeverly.org/js/files/docufentososo/doecumentosoneso/pantomime.hta cornerstonebeverly.org/js/files/ntfonts/ cornerstonebeverly.org/js/files/ntfonts/avena # Reference: https://twitter.com/StopMalvertisin/status/1634084568608264192 # Reference: https://www.virustotal.com/gui/ip-address/79.141.174.208/relations # Reference: https://www.virustotal.com/gui/file/a45258389a3c0d4615f3414472c390a0aabe77315663398ebdea270b59b82a5c/detection bol-south.org mtss.bol-south.org # Reference: https://twitter.com/StopMalvertisin/status/1634084573620604934 # Reference: https://www.virustotal.com/gui/ip-address/5.255.106.249/relations # Reference: https://www.virustotal.com/gui/file/8af93bed967925b3e5a70d0ad90eae1f13bc6e362ae3dac705e984f8697aaaad/detection dowmload.net cstc-spares-vip-163.dowmload.net # Reference: https://twitter.com/bofheaded/status/1634290081627271168 connectiiest.com goinfinity.tech # Reference: https://twitter.com/StopMalvertisin/status/1638194026162827265 # Reference: https://www.virustotal.com/gui/file/7dcf935a24039dff2d084f41ab8ca318b28c53c01f9de069f087b3be15457ba9/detection defpak.org paknavy.defpak.org # Reference: https://twitter.com/ThreatBookLabs/status/1644346009198395392 awrah.live blesico.site # Reference: https://twitter.com/ThreatBookLabs/status/1645269421873840129 mod-gov.com # Reference: https://twitter.com/__0XYC__/status/1648577567840952321 # Reference: https://www.virustotal.com/gui/ip-address/2.58.14.249/relations fia-gov.com cabinet-division-pk.fia-gov.com dad.fia-gov.com desk.fia-gov.com foooders.fia-gov.com ghckjxvo.fia-gov.com m.fia-gov.com plbulcbo.fia-gov.com test.fia-gov.com tmlbxveb.fia-gov.com wndro.fia-gov.com # Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1648890379943706625 halterarks.co.uk # Reference: https://twitter.com/jaydinbas/status/1653361390491430915 # Reference: https://www.virustotal.com/gui/ip-address/39.104.50.12/relations # Reference: https://www.virustotal.com/gui/file/88c10674bb6a53791bfe08497948699bf57ea9980a878a3a5fc1afb160d1d234/detection alibababackupcloud.com portal.alibababackupcloud.com secure.alibababackupcloud.com vpn.alibababackupcloud.com # Reference: https://twitter.com/500mk500/status/1653860821020049410 # Reference: https://www.virustotal.com/gui/file/d236df798c56b2a32ff744f16d93c6a0412b4caaf2ea35b171a3953b19609074/detection nadra-gov-pk.com # Reference: https://twitter.com/ThreatBookLabs/status/1655769610116038657 # Reference: https://threatbook.io/domain/ntc-pk.org ntc-pk.org # Reference: https://twitter.com/ThreatBookLabs/status/1656499255056687104 # Reference: https://www.virustotal.com/gui/ip-address/5.230.72.98/relations aliit.org cxvdfg.aliit.org # Reference: https://twitter.com/t3ft3lb/status/1656554005491859456 # Reference: https://x.com/banthisguy9349/status/1867536997528875196 # Reference: https://www.virustotal.com/gui/ip-address/5.230.73.198/relations # Reference: https://www.virustotal.com/gui/file/a703c6772e8bcf7cd0aef05ecbee4c7f7f39371d45b42bf1030df2be5261717c/detection dytt88.org mail-dmp-navy-pk.dytt88.org ministryofforeignaffairs-mofa-gov-pk.dytt88.org ww25.mail-dmp-navy-pk.dytt88.org ww25.ministryofforeignaffairs-mofa-gov-pk.dytt88.org # Reference: https://blogs.blackberry.com/en/2023/05/sidewinder-uses-server-side-polymorphism-to-target-pakistan govpk.net paknavy-gov.com dgms.paknavy-gov.com forecast.comsats-net.com mailnavybd.govpk.net mailnavymilbd.govpk.net paknavy-gov-pkp.downld.net paknavy.jmicc.xyz paknavy.paknavy.live # Reference: https://twitter.com/ThreatBookLabs/status/1657207787397718018 daraz-pk.com # Reference: https://twitter.com/ThreatBookLabs/status/1657941419401805824 ntc-pk.com # Reference: https://twitter.com/ThreatBookLabs/status/1658323281420881926 govpk.org # Reference: https://www.bridewell.com/insights/news/detail/the-distinctive-rattle-of-apt-sidewinder aa173.bank-ok.com active.roteh.site aeryple.xyz agarg.tech ailyun.live amuck.scoler.tech article-viewer.com assbutt.xyz ausib-edu.org avail.freay.tech axis.heplor.biz bank-ok.com basic.gruh.site basis.agarg.tech blesis.live bless.agarg.tech bluedoor.click brac.tech brave.agarg.tech breat.info cater.sphery.live cdn.torsey.xyz ceiling.kalpo.xyz cert.repta.live climb.kalpo.xyz cluster.jotse.info confluence.assbutt.xyz countpro.info cpec.site csdstore.app cssc-net.co cvix.cc dirctt88.org directt88.org dolper.top dr-doom.xyz dsmes.xyz e-tohfa.net elopter.top enclose.info endure.sphery.live estate.ovil.tech fdrek.live file-download.co focus.mectel.tech focus.semain.tech found.neger.site found.troks.site freay.tech freedom.olerpic.info ftp.true-islam.org fujit.info gearfill.biz geoloc.top georgion.info gitlab.enclose.info glorec.tech gretic.info groove.olipy.info gruve.site hakimiya.live handle.proey.tech helpdesk-gov.info heplor.biz hertic.tech hldren.info hostmaster.enclose.info hread.live hyat.tech inkly.net insert.roteh.site islamic-path.com jester.hyat.tech jotse.info kalpo.xyz kito.countpro.info krontec.info leron.info leyra.tech lines.aeryple.xyz livo.silvon.site lucas.hertic.tech mat.trelin.tech mectel.tech mfagov.org moon.tfrend.org mopiler.top msoft-updt.net neger.site nelcec.info normal.aeryple.xyz offshore.leron.info olerpic.info olipy.info oprad.top opt.freay.tech ortra.tech ovil.tech paf-govt.info pak-gov.info pak-govt.net pak-news.info pastlet.live plors.tech portal.breat.info preag.info preat.fujit.info preat.info privacy.olerpic.info private.hldren.info proey.tech prol.info ptcl-gov.org rack.nelcec.info reay.tech repta.live reth.cvix.cc reveal.troks.site ridlay.live roof.wsink.live rugby.wsink.live sbp-pk.org sdfsdg.enclose.info semain.tech service.true-islam.org shortney.org shrtny.co shrtny.live silk.freat.site silvon.site sindhpolice-govpk.org sk.krontec.info spec.trelin.tech sphery.live split.tyoin.biz square.oprad.top srv-app.co storeapp.site straight.hldren.info support-twitter.com tab.gruve.site telemart-pk.com tfrend.org tiinly.co tinurl.click torsey.xyz treat.fraty.info trelin.tech troks.site true-islam.org tyoin.biz utilize.elopter.top verocal.info view.proey.tech vtray.tech wsink.live yrak.info zed.shrtny.live zolosy.top zone.vtray.tech zretw.xyz # Reference: https://twitter.com/ThreatBookLabs/status/1658669939010715653 # Reference: https://www.virustotal.com/gui/ip-address/192.36.27.97/relations efrgfh.pak-ntc.org emv1.pak-ntc.org service.pak-ntc.org # Reference: https://twitter.com/ThreatBookLabs/status/1659021576841601026 # Reference: https://www.virustotal.com/gui/ip-address/5.255.99.99/relations ntc-net.co emv1.ntc-net.co service.ntc-net.co # Reference: https://twitter.com/ThreatBookLabs/status/1660854037149884417 # Reference: https://www.virustotal.com/gui/ip-address/5.230.78.184/relations mofss.co drtgfhj.mofss.co emv1.mofss.co service.mofss.co # Reference: https://twitter.com/__0XYC__/status/1664581189766610944 # Reference: https://twitter.com/uslss_etr/status/1664705054069215252 # Reference: https://www.virustotal.com/gui/ip-address/8.208.90.73/relations # Reference: virustotal.com/gui/file/e7d2d26cc056b607b7af96cc08d66a168555afc38cf29b37729f4b90141fa5db/detection http://149.129.237.253 cons-mofagovpk.servehttp.com ebill-ptclnetpk.servehttp.com flysmart-piaccompk.servehttp.com mail-armybd.servehttp.com mailtest-mofa.servehttp.com nlc-govpk.servehttp.com offers-ptclnetpk.servehttp.com online-csdgovpk.servehttp.com rewards-ptclnetpk.servehttp.com # Reference: https://www.virustotal.com/gui/ip-address/146.70.161.36/relations pkgov-mail.com emv1.pkgov-mail.com service.pkgov-mail.com # Reference: https://twitter.com/ThreatBookLabs/status/1663729069811458048 # Reference: https://www.virustotal.com/gui/ip-address/5.230.78.76/relations ruve.live cgate.ruve.live volt.ruve.live # Reference: https://twitter.com/ThreatBookLabs/status/1663400816907272192 # Reference: https://www.virustotal.com/gui/ip-address/5.255.124.203/relations pargue.tech # Reference: https://twitter.com/ThreatBookLabs/status/1661558607857717248 data-protect.tech # Reference: https://twitter.com/StopMalvertisin/status/1668668882108940288 # Reference: https://www.virustotal.com/gui/ip-address/13.213.47.21/relations # Reference: https://www.virustotal.com/gui/file/8a431314696e82f994dd7fd32e6151232a9bbdc948c64cc6ee8a6e3dc67bb4f6/detection csd-govpk.servehttp.com finance-govpk.servehttp.com ntc-govpk.serveftp.com ntc-govpk.servehttp.com vpn-ptclnetpk.servehttp.com # Reference: https://twitter.com/TLP_R3D/status/1672174181935464448 pk-co.info # Reference: https://www.group-ib.com/blog/hunting-sidewinder/ bol-south.com ptcl-govp.org ishd.directt88.org microsoft-365.directt88.org punjabpolice-gov-pk.fia-gov.com # Reference: https://twitter.com/ThreatBookLabs/status/1675852641874632705 fssp.tech # Reference: https://twitter.com/TLP_R3D/status/1676537779574931457 # Reference: https://www.virustotal.com/gui/ip-address/98.142.254.52/relations mofagov.live # Reference: https://twitter.com/t3ft3lb/status/1676511378117648386 # Reference: https://www.virustotal.com/gui/file/4e86f36820d5e96739fa6ed192d410eeca975c3a2ec48e13eb98d3486c9262b0/detection mailsiis.alit.info # Reference: https://twitter.com/TLP_R3D/status/1676680838774136832 # Reference: https://www.virustotal.com/gui/ip-address/193.42.39.133/relations ptcl-gov.info # Reference: https://twitter.com/__0XYC__/status/1676905915885187073 # Reference: https://www.virustotal.com/gui/file/3ef7b9a872dc1247edb0f3947d0db681ff14be81cb46be22ce4f896f2d2dc7f0/detection pakistanarmy.xyz # Reference: https://twitter.com/ThreatBookLabs/status/1678384704679182336 # Reference: https://www.virustotal.com/gui/ip-address/5.230.74.80/relations mofa-gov.info # Reference: https://twitter.com/ThreatBookLabs/status/1678934448186728448 cylit.info # Reference: https://twitter.com/ThreatBookLabs/status/1679132754842390529 nbcot.info # Reference: https://twitter.com/ThreatBookLabs/status/1680766347255611394 mofagov.info # Reference: https://twitter.com/ThreatBookLabs/status/1680943216114253825 tref.tech # Reference: https://twitter.com/ThreatBookLabs/status/1681132716534923267 # Reference: https://www.virustotal.com/gui/ip-address/85.113.70.48/relations mod-pkgov.org mailafdbd.mod-pkgov.org # Reference: https://twitter.com/Axel_F5/status/1681354510642429982 # Reference: https://www.virustotal.com/gui/file/61a839aaba4807e492922a3ba0000b98568669626638acf5e5ed0b597fdd5e40/detection libreofficeupdates.com # Reference: https://twitter.com/Axel_F5/status/1669794530592170001 # Reference: https://www.virustotal.com/gui/file/b41d54a9686b312f9e114f62e6bf11e21c8e97dda477d488ca19e2afa45efc9e/detection plainboardssixty.com # Reference: https://twitter.com/Axel_F5/status/1597978238542057473 # Reference: https://www.virustotal.com/gui/file/f946663a780806693ea3fb034215bd6da25971eb07d28fe9c209594c90ec3225/detection sinacn.co mailtsinghua.sinacn.co mailstinghua.sinacn.co # Reference: https://mp.weixin.qq.com/s/ewGyvlmWUD45XTVsoxeVpg # Reference: https://otx.alienvault.com/pulse/64a445050a5e0f1018b5bf6d cloudplatfromservice.one gclouddrives.com # Reference: https://twitter.com/ThreatBookLabs/status/1696504153500213519 defpak.net # Reference: https://twitter.com/ThreatBookLabs/status/1697240572417974285 gyre.site # Reference: https://twitter.com/ThreatBookLabs/status/1698883638937657412 slic.live # Reference: https://twitter.com/suyog41/status/1706194781112537213 # Reference: https://twitter.com/TLP_R3D/status/1706262046587682998 # Reference: https://www.virustotal.com/gui/ip-address/185.117.90.59/relations # Reference: https://www.virustotal.com/gui/file/6e89d7eedc4088f1bcdf45171c41deb6c778e14141802c153496550f09b85fb7/detection mofa-gov.org pakarmy-govpk.net emv1.mofa-gov.org mailciieorg.mofa-gov.org maile.mofa-gov.org mailmofa.mofa-gov.org mailyafd.mofa-gov.org # Reference: https://twitter.com/suyog41/status/1708827613727531181 # Reference: https://www.virustotal.com/gui/ip-address/193.142.58.149/relations # Reference: https://www.virustotal.com/gui/file/e36e8244c06d88a5650783bfb3e0e85acd76b803a33018d48391f1ebcc849622/detection govpk.info cpanel.govpk.info dev.govpk.info endofmission.govpk.info intdtebangladesh.govpk.info invitation-letter.govpk.info mail.govpk.info mofa.govpk.info note1582023.govpk.info webdisk.govpk.info webmail.govpk.info ww1.govpk.info ww25.govpk.info ww38.govpk.info wwww.govpk.info wwww.invitation-letter.govpk.info # Reference: https://twitter.com/TLP_R3D/status/1708843583778763109 # Reference: https://www.virustotal.com/gui/ip-address/193.42.36.66/relations pak-army.com # Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1713750113167053187 # Reference: https://www.virustotal.com/gui/ip-address/8.222.250.160/relations # Reference: https://www.virustotal.com/gui/file/d28ee2ab42b30c24b2569d9042f182e0a64e8dba2653500046153256e4620505/detection cloud-ptclnetpk.servehttp.com # Reference: https://twitter.com/JVPv5sIM3eFmGyi/status/1697074761380278599 # Reference: https://www.virustotal.com/gui/ip-address/147.139.212.200/relations # Reference: https://www.virustotal.com/gui/file/78cea4a9ee2cce19f961c2ddd4972ec479c196c8e9f9763a95561e0f18776883/detection complaints-ntcgovpk.viewdns.net mail-mofagovpk.servehalflife.com mail-mofagovpk.serveirc.com mail-mofagovpk.viewdns.net mail-pmogovpk.servehttp.com ntdc-govpk.viewdns.net sharepakistanmofa.servehttp.com vibe-ptclnetpk.servehalflife.com # Reference: https://twitter.com/RedDrip7/status/1719897373185560890 # Reference: https://www.netskope.com/blog/a-look-at-the-nim-based-campaign-using-microsoft-word-docs-to-impersonate-the-nepali-government # Reference: https://www.virustotal.com/gui/ip-address/213.109.192.93/relations # Reference: https://www.virustotal.com/gui/ip-address/5.181.20.102/relations # Reference: https://app.validin.com/axon?find=213.109.192.93&type=ip # Reference: https://www.virustotal.com/gui/file/fd7a25223ffd731ad4f4a4083ef4a776e4c6f5b0a068b213859f780f1c44cd82/detection # Reference: https://www.virustotal.com/gui/file/d7f8173c108696584f9c1e36d72a3bb0785609d8951acab355a2e112a64497a4/detection http://213.109.192.93 dns-mofgovbt.ddns.net dof-govmm.sytes.net edms-vpn.ddns.net mail-dor.hopto.org mail-mofgovbt.hopto.org microsoftupdte.redirectme.net mpt-ap.servehttp.com myanmar-apn.serveftp.com telenor-mm.redirectme.net updatemanager.ddns.net windows-update.hopto.org /update/R0FNd0lCb0RGbU1VTUdwcQ==.php /update/R1JNU1p4a1RGbU1VTUdwcQ==.php /R0FNd0lCb0RGbU1VTUdwcQ==.php /R1JNU1p4a1RGbU1VTUdwcQ==.php # Reference: https://mp.weixin.qq.com/s/iWx2tGCLOR0JtDBnC3FOwQ (Chinese) asean-ajp.myftp.org cloud.nitc.gavnp.org dns.nepal.gavnp.org drsasa.hopto.org mail-mohs.servehttp.com mx1.nepal.gavnp.org mx2.nepal.gavnp.org mytel-mm.servehttp.com nitc.gavnp.org pdf-shanstate.redirectme.net pdf-shanstate.serveftp.com # Reference: https://twitter.com/TLP_R3D/status/1722667675468312942 # Reference: https://www.virustotal.com/gui/ip-address/212.83.46.137/relations mfa-gov.net mailmofagovmm.mfa-gov.net webmail.mfa-gov.net # Reference: https://twitter.com/ginkgo_g/status/1727155248081555886 # Reference: https://www.virustotal.com/gui/file/b5c001cbcd72b919e9b05e3281cc4e4914fee0748b3d81954772975630233a6e/detection # Reference: https://www.virustotal.com/gui/file/b60f71bfbdf86b8959cebc7585ec5a39e6cdd1c8efc80aa2bb8b051df4b8889b/detection # Reference: https://www.virustotal.com/gui/file/9a3481ad198c0ed8e0e9945a35387631784125d42a2132b8428e7bf041c1d397/detection # Reference: https://www.virustotal.com/gui/file/1246356d78d47ce73e22cc253c47f739c4f766ff1e7b473d5e658ba1f0fdd662/detection # Reference: https://www.virustotal.com/gui/file/696f57d0987b2edefcadecd0eca524cca3be9ce64a54994be13eab7bc71b1a83/detection govnp.org dns.govnp.org mofa.govnp.org nepal.govnp.org nitc.govnp.org mail.mofa.govnp.org mx1.nepal.govnp.org /mail/AFA/RWlVOGJCSUxEaVljT0dKaQ==.aspx /AFA/RWlVOGJCSUxEaVljT0dKaQ==.aspx /RWlVOGJCSUxEaVljT0dKaQ==.aspx # Reference: https://twitter.com/alex_lanstein/status/1727280460022300924 # Reference: https://twitter.com/BaoshengbinCumt/status/1727517020269527069 # Reference: https://twitter.com/k3yp0d/status/1727613488967614761 # Reference: https://twitter.com/k3yp0d/status/1727612826661896390 # Reference: https://www.virustotal.com/gui/ip-address/47.251.51.195/relations # Reference: https://www.virustotal.com/gui/ip-address/47.252.52.225/relations # Reference: https://www.virustotal.com/gui/ip-address/8.222.250.160/relations # Reference: https://www.virustotal.com/gui/file/d28ee2ab42b30c24b2569d9042f182e0a64e8dba2653500046153256e4620505/detection # Reference: https://www.virustotal.com/gui/file/47144b2a4fa036692dccc81f0414c5d7898da001075c3e3c9995665cf5603791/detection http://8.222.250.160 8.222.250.160:443 pakmail.cloud senate-pak.site yes2khalistan.online awards-piaccompk.serveftp.com cloud-ptclnetpk.servehttp.com fbr-taxupdates.serveblog.net /uPSnswhC # Reference: https://twitter.com/k3yp0d/status/1727695607203078193 # Reference: https://app.validin.com/axon?find=47.74.90.0&type=ip # Reference: https://app.validin.com/axon?find=47.74.90.10&type=ip alfalahtransct-bank.servehttp.com cloud-ntdc.servehttp.com e-servicesptclnetpk.servehttp.com e-supportntc.servehttp.com financeptcl-govpk.servehttp.com flysmart-piac.servehttp.com ogdclcloud-mysharep.servehalflife.com services-ptclnetpk.servehttp.com wetransfer.servehttp.com # Reference: https://twitter.com/Glacius_/status/1727968223088214182 # Reference: https://x.com/Cyberteam008/status/1925009704918393295 # Reference: https://www.virustotal.com/gui/ip-address/5.230.54.3/relations # Reference: https://www.virustotal.com/gui/file/170ccf1225154fa0cd92a14219f0b912479cc4095203646c38a31bb78baafe9f/detection donwloaded.com mofa-gov-pk.donwloaded.com police-gov-bd.donwloaded.com # Reference: https://twitter.com/Glacius_/status/1736687727721013448 # Reference: https://www.virustotal.com/gui/file/0e51c4f52b63e7ce231959168dbc4270b4fa451c58e3bd2081441e7d83915361/detection mailmfa.mofa-gov.info # Reference: https://twitter.com/Cuser07/status/1738790090326061060 # Reference: https://twitter.com/Joseliyo_Jstnk/status/1740672426906927562 # Reference: https://www.virustotal.com/gui/ip-address/77.83.196.59/relations # Reference: https://www.virustotal.com/gui/file/1a88ef58675971eb18eeb267b1be90594cd6c7ebddf1c67d66729fa3e68de323/detection # Reference: https://www.virustotal.com/gui/file/a11fab6de2c5111833e9e4a6f69ce5dded17085a3d8ae21c7fcfa00d7e113c9b/detection # Reference: https://www.virustotal.com/gui/file/b565bd60e9182746de76feeebe7f85902e22ee3a22d5d55a278be7340923806e/detection fia-gov.net apps.fia-gov.net cirt-gov-mm.fia-gov.net mofa-gov-bd.fia-gov.net mofa-gov-np.fia-gov.net moitt-gov-pk.fia-gov.net myanmar-gov-mm.fia-gov.net myoffice.fia-gov.net nepalcert-org.fia-gov.net opmcm-gov-np.fia-gov.net police-circular-gov-bd.fia-gov.net police-gov-bd.fia-gov.net # Reference: https://twitter.com/Joseliyo_Jstnk/status/1743190819245326808 # Reference: https://www.virustotal.com/gui/ip-address/5.180.114.198/relations # Reference: https://www.virustotal.com/gui/file/15ce7d3c879975ca81777cf58f47409283e34ec1fe8e966fde608bc7eda16646/detection # Reference: https://www.virustotal.com/gui/file/9d02bf092fdcf44a51ae6e264ec3e3e57afbe79622c92a797e33fb62ed495cda/detection # Reference: https://www.virustotal.com/gui/file/931aee9ba0e51804cb354a3a41830721e41a0fab6758aa19a43eaf1abe621b4d/detection # Reference: https://www.virustotal.com/gui/file/613068422c214b944c7b2e3fb60412ed99d35c9e18d53d45b16965c5a36f734a/detection direct888.net mofa-gov-np.direct888.net mofa-gov-sa.direct888.net mopf-gov-mm.direct888.net navy-lk.direct888.net www-moha-gov-lk.direct888.net www-police-gov-bd.direct888.net wwww.direct888.net wwww.mofa-gov-sa.direct888.net # Reference: https://twitter.com/Joseliyo_Jstnk/status/1743223664391160170 # Reference: https://www.virustotal.com/gui/ip-address/69.61.36.170/relations gov-org.net lk.gov-org.net mm.gov-org.net mv.gov-org.net np.gov-org.net gov.lk.gov-org.net gov.mm.gov-org.net gov.mv.gov-org.net gov.np.gov-org.net defence.lk.gov-org.net immigration.gov.mv.gov-org.net mfa.gov.lk.gov-org.net mod.gov.np.gov-org.net mofa.gov.np.gov-org.net moha.gov.np.gov-org.net mohs.gov.mm.gov-org.net navy.lk.gov-org.net po.gov.mv.gov-org.net presidentoffice.lk.gov-org.net # Reference: https://twitter.com/Cuser07/status/1743214744910401794 # Reference: https://www.virustotal.com/gui/ip-address/2.58.15.71/relations # Reference: https://www.virustotal.com/gui/file/89d4d85592bf0b5e8b55c2d62c9050bfa8c3017f9f497134dbacbb2a0f13a09e/detection donwloaded.net president-gov-lk.donwloaded.net # Reference: https://medium.com/@fofabot/practical-fofa-asset-expansion-sidewinder-apt-389714a70061 academy.lesporc.live agency.lesporc.live api.argus.trondheim.bama.zoopit.no cdn.awrah.live cdn.cpec.site cdn.dolper.top cdn.dr-doom.xyz cdn.gearfill.biz cdn.geoloc.top cdn.hread.live cdn.plors.tech cdn.preag.info cdn.preat.info cdn.prol.info cdn.verocal.info civil.leyra.tech csla.blesis.live density.meplor.xyz deputy.meplor.xyz direct888.org employ.fdrek.live energy.fdrek.live lax036.relay.arandomserver.com lesporc.live lnkly.net meplor.xyz mu-api.anyremote.cn mxhichina.info nextgen.fia-gov.net ns.seiffenn.nohost.me resolve.preat.info seiffenn.nohost.me tercom.site test.api.68wx.com test.api.g.luohu8.com test.api.hzy.68wx.com test.es.68wx.com toss.tercom.site trust-crypto.net wide.storeapp.site wind.ridlay.live xmpp-upload.seiffenn.nohost.me # Reference: https://twitter.com/nahamike01/status/1747167370190458924 ntc-telecomcorporation.workers.dev elccorp-net.ntc-telecomcorporation.workers.dev mail-depo-gov-pk.ntc-telecomcorporation.workers.dev mail-dgdp-gov-pk.ntc-telecomcorporation.workers.dev mail-ecp-gov-pk.ntc-telecomcorporation.workers.dev mail-gwadarport-gov-pk.ntc-telecomcorporation.workers.dev mail-hit-gov-pk.ntc-telecomcorporation.workers.dev mail-modp-gov-pk.ntc-telecomcorporation.workers.dev mail-paf-gov-pk.ntc-telecomcorporation.workers.dev mail-punjab-gov-pk.ntc-telecomcorporation.workers.dev mail-sco-gov-pk.ntc-telecomcorporation.workers.dev news.ntc-telecomcorporation.workers.dev # Reference: https://www.virustotal.com/gui/ip-address/172.67.192.82/relations gwadarportt.workers.dev gwadarport-gov-pk.gwadarportt.workers.dev mail-invest-gov-pk.gwadarportt.workers.dev mail-nespak-com-pk.gwadarportt.workers.dev webmail-gda-gov-pk.gwadarportt.workers.dev worker-orange-unit-abfb.gwadarportt.workers.dev # Reference: https://www.virustotal.com/gui/ip-address/172.67.137.37/relations # Reference: https://www.virustotal.com/gui/ip-address/172.67.184.202/relations # Reference: https://www.virustotal.com/gui/ip-address/172.67.215.149/relations government-pak.workers.dev pak-gov-pk.workers.dev pakistan-gov-pk.workers.dev cpanel-nha-gov-pk.pakistan-gov-pk.workers.dev mail-asian-parliament-org.pakistan-gov-pk.workers.dev mail-depo-gov-pk.government-pak.workers.dev mail-hit-gov-pk.government-pak.workers.dev mail-hitgovpk.government-pak.workers.dev mail-kpt-gov-pk.pak-gov-pk.workers.dev mail-mod-gov-pk.pakistan-gov-pk.workers.dev mail-modp-gov-pk.government-pak.workers.dev mail-modp-gov-pk.pak-gov-pk.workers.dev mail-mofa-gov-pk.pakistan-gov-pk.workers.dev mail-nba-gov-pk.pakistan-gov-pk.workers.dev mail-pof-gov-pk.government-pak.workers.dev mail-ppra-org-pk.pakistan-gov-pk.workers.dev mail-sco-gov-pk.government-pak.workers.dev nha-gov-pk.pakistan-gov-pk.workers.dev webmail-wapda-gov-pk.pakistan-gov-pk.workers.dev worker-plain-wind-01a9.pakistan-gov-pk.workers.dev # Reference: https://www.virustotal.com/gui/ip-address/104.21.29.219/relations kr-i-sas-orv-e-l-a.workers.dev mail-gwadarport-gov-pk.kr-i-sas-orv-e-l-a.workers.dev # Reference: https://app.validin.com/axon?find=*.govpk.live&type=dom govpk.live cpanel.govpk.live cpcalendars.govpk.live cpcontacts.govpk.live dirbspta.govpk.live ecp.govpk.live mail.govpk.live mora.govpk.live ptcl.govpk.live webdisk.govpk.live webmail.govpk.live verification.ptcl.govpk.live # Reference: https://twitter.com/__0XYC__/status/1752238025269272906 # Reference: https://twitter.com/Cuser07/status/1752266296463667343 # Reference: https://www.virustotal.com/gui/file/4438df17d22e4df1b430788da31ae0c0f4826b0c9896d1fb7d225cff586f11ad/detection download-services.online pdf-download.live royalmigration.buzz services-download.top win-service-update.top backup.download-services.online blue.win-service-update.top file.services-download.top files.pdf-download.live newfile.pdf-download.live uk.royalmigration.buzz # Reference: https://twitter.com/Joseliyo_Jstnk/status/1753385273587626057 # Reference: https://www.virustotal.com/gui/ip-address/81.171.7.136/relations # Reference: https://www.virustotal.com/gui/ip-address/81.171.7.139/relations # Reference: https://www.virustotal.com/gui/file/ae9ba351fdeb8f06173770682d0df4caef31774b3e0c8e25e2c998cd96e70fa8/detection nr3c-govpk.com api.nr3c-govpk.com mailx.nr3c-govpk.com o.nr3c-govpk.com r.nr3c-govpk.com # Reference: https://www.virustotal.com/gui/ip-address/47.90.210.26/relations mail-mofagovpk.servehttp.com ntc-govpk.servehalflife.com taxsys-fbrgovpk.servehttp.com vpn-ptclnetpk.servehalflife.com vpn-ptclnetpk.viewdns.net # Reference: https://www.virustotal.com/gui/ip-address/51.195.146.204/relations fbrgov-pk.ddns.net fbrgov.ddns.net # Reference: https://www.virustotal.com/gui/ip-address/65.108.198.252/relations mofagovpk.cheematrd.com # Reference: https://www.virustotal.com/gui/domain/gov-pk.online/relations gov-pk.online mail-ead.gov-pk.online mail-mowr.gov-pk.online mail-ntc.gov-pk.online mail-pc.gov-pk.online mail-sco.gov-pk.online mofa.gov-pk.online ntc.gov-pk.online ntcmail.gov-pk.online paec.gov-pk.online pc.gov-pk.online pnra.gov-pk.online pta.gov-pk.online sco.gov-pk.online suparco.gov-pk.online tdap.gov-pk.online # Reference: https://www.virustotal.com/gui/ip-address/181.41.35.224/relations diagov.ddns.net govaruba.duckdns.org # Reference: https://www.virustotal.com/gui/ip-address/47.236.243.41/relations # Reference: https://www.virustotal.com/gui/ip-address/47.74.85.109/relations # Reference: https://www.virustotal.com/gui/ip-address/8.209.221.234/relations advisory-cabinetgpk.servehttp.com cap-mofagovpk.servehttp.com circular-financegov.servehalflife.com eservice-ptclnetpk.servehttp.com finance-govpk.serveblog.net hrmis-financegovpk.serveftp.com mail-depogovpk.servehttp.com mail-modgovpk.servehttp.com mail-mofagovpk.ddns.net mail-mofagovpk.gotdns.ch mail-mofagovpk.myddns.me nanfung.servehttp.com newmail-armymilbd.servehttp.com offers-ptclnetpk.serveblog.net ogdcl.servehttp.com piac-compk.servehttp.com portal-ptclnetpk.servehttp.com # Reference: https://www.virustotal.com/gui/ip-address/47.236.248.66/relations # Reference: https://www.virustotal.com/gui/ip-address/47.88.26.202/relations # Reference: https://www.virustotal.com/gui/ip-address/8.211.192.22/relations # Reference: https://www.virustotal.com/gui/ip-address/8.222.232.191/relations awards-piacaero.servehalflife.com awards-piacaero.servehttp.com discounts-ptclnetpk.servehttp.com mail-bafmilbd.servequake.com mail-dgdpgovpk.servehalflife.com mail-mofapk.servehttp.com mail-pofgovpk.3utilities.com mail-pofgovpk.sytes.net mail-scogovpk.servehalflife.com mailhitgovpk.servehalflife.com news-ptvcompk.servehttp.com offer-ptclnetpk.servehttp.com offers-ptclnetpk.serveftp.com offers-ptclnetpk.serveirc.com rewards-ptclnetpk.viewdns.net sharepakistan-mofa.viewdns.net support-ntc.servehttp.com # Reference: https://www.virustotal.com/gui/ip-address/8.208.92.59/relations cap-mofagovpk.servehttp.com cap-mofapk.servehttp.com finance-govpk.serveftp.com financegovpk.servehttp.com navy-govbd.servehttp.com sdmx-financegovpk.servehttp.com vibe-ptclnetpk.servehttp.com # Reference: https://www.virustotal.com/gui/ip-address/147.139.140.175/relations vibe-ptclnetpk.viewdns.net # Reference: https://www.virustotal.com/gui/ip-address/147.139.145.19/relations finance-govnp.servehalflife.com mail-ntcgovpk.servehttp.com mail-scogovpk.servehttp.com mof-govnp.servehttp.com # Reference: https://www.virustotal.com/gui/ip-address/172.67.133.19/relations ethanhunthero125.workers.dev mail-pc-gov-pk-login.ethanhunthero125.workers.dev # Reference: https://www.virustotal.com/gui/ip-address/172.67.194.69/relations crypton0019.workers.dev ethanhunthero125.workers.dev mail-pc-gov-pk-login.ethanhunthero125.workers.dev mail-sco-gov-pk.crypton0019.workers.dev worker-crimson-bread-052d.crypton0019.workers.dev # Reference: https://www.virustotal.com/gui/ip-address/47.236.119.146/relations 203-124351878443.hopto.org mail-bafmilbd.myvnc.com mail-depogovpk.myvnc.com mailhit-govpk.hopto.org mailpsab-modgovpk.hopto.org mailsco-govpk.hopto.org webmail-pacorgpk.myvnc.com # Reference: https://www.virustotal.com/gui/ip-address/8.208.11.212/relations mail-hitgovpk.servegame.com mailsco-govpk.myvnc.com # Reference: https://www.virustotal.com/gui/ip-address/47.250.57.207/relations ideas2024-pakistan.myvnc.com ideaspakistan-govpk.myvnc.com iportal-ntdcgovpk.myvnc.com mail-armylk.myvnc.com mail-armylk.servehalflife.com mail-hitgovpk.myvnc.com mail-hitgovpk.servehttp.com meter-ntdccompk.myvnc.com meter-ntdccompk.servehttp.com pertest-ntdccompk.ddnsking.com # Reference: https://www.virustotal.com/gui/domain/g0v-pk.net/relations g0v-pk.net pujfjue003hmdhfh99ppjdflsdqwlkls.g0v-pk.net mail.dgdp.gov.pk.pujfjue003hmdhfh99ppjdflsdqwlkls.g0v-pk.net mail.paf.gov.pk.pujfjue003hmdhfh99ppjdflsdqwlkls.g0v-pk.net mail.sco.gov.pk.pujfjue003hmdhfh99ppjdflsdqwlkls.g0v-pk.net # Reference: https://www.virustotal.com/gui/ip-address/185.166.188.146/relations mof-govn.online # Reference: https://twitter.com/malwrhunterteam/status/1762199010062766152 # Reference: https://www.virustotal.com/gui/ip-address/91.193.18.108/relations # Reference: https://www.virustotal.com/gui/file/13dafd14c85aee3ed60ec25284ba39d6ecdd7ddf4b484d2048efc05960da51e2/detection 126-com.live mailarmylk.126-com.live spark.126-com.live # Reference: https://twitter.com/h2jazi/status/1762874221493879011 # Reference: https://www.virustotal.com/gui/file/df2be2327ed0062cba45a3f85378d0d386500ffcae20ed155ca106854d706325/detection # Reference: https://www.virustotal.com/gui/file/525b00fc379589a73ebd6471e440220c886b969332360e17fb44d5175b3d945e/detection newmofa.com mailmofa.newmofa.com # Reference: https://www.virustotal.com/gui/ip-address/82.180.175.87/relations govnp.live mailmofa.govnp.live mofa.govnp.live opmcm.govnp.live # Reference: https://www.virustotal.com/gui/ip-address/172.67.135.224/relations govtpak.workers.dev mail-depo-gov-pk.govtpak.workers.dev mail-hitgovpk.govtpak.workers.dev # Reference: https://twitter.com/Joseliyo_Jstnk/status/1765304025358954689 # Reference: https://www.virustotal.com/gui/file/4d8ef13543182fdc5cd5bb270878bcac80b77ac7c3e566c0934450e35141ece0/detection finance-gov-pk.rf.gd # Reference: https://twitter.com/Joseliyo_Jstnk/status/1765727342263988567 # Reference: https://www.virustotal.com/gui/file/acbfbf6fd00fa347a52657e5ca0f5cc6cbcf197a04e2d3fd5dc9235926b319d7/detection mofa.email mailmofagovmm.mofa.email # Reference: https://twitter.com/RedDrip7/status/1765935716964675683 # Reference: https://www.virustotal.com/gui/file/ae22f9da201032d007a0b3f54c3a53ea7a41292bba6e9855d48dd21b55c048ae/detection pmd-office.com moemaldives.pmd-office.com # Reference: https://twitter.com/ginkgo_g/status/1768477798191263970 # Reference: https://twitter.com/suyog41/status/1773224136095023435 # Reference: https://www.virustotal.com/gui/file/31b558d79c20b2d18f404096532156e2a25dff5626589a0b27404f359dc9e8db/detection # Reference: https://www.virustotal.com/gui/file/0b917833380d87990413d318ecd7ed08710d07aedc1d39b749256530c32f2ca9/detection 163inc.org mailafdgovbd.163inc.org mailcn.163inc.org # Reference: https://twitter.com/Cyberteam008/status/1773587888279630292 # Reference: https://www.virustotal.com/gui/ip-address/103.151.111.61/relations # Reference: https://www.virustotal.com/gui/ip-address/142.202.191.187/relations # Reference: https://www.virustotal.com/gui/ip-address/91.92.252.90/relations # Reference: https://www.virustotal.com/gui/ip-address/94.156.65.165/relations punjabgov.org surveyofpakistan.org submitsurvey.info mail.punjabgov.org # Reference: https://twitter.com/alex_lanstein/status/1773817732426863037 # Reference: https://www.virustotal.com/gui/file/7dca552bc38f54716c80eb2c4f1f35cf6e5b12a78a5cec8bf335453c1b433cfd/detection paknavy-govpk.info moitt.paknavy-govpk.info # Reference: https://www.virustotal.com/gui/ip-address/198.54.116.197/relations mail-np.net paknavy-gov-pk.mail-np.net # Reference: https://www.virustotal.com/gui/ip-address/109.106.251.65/relations paknavy-govpk.org # Reference: https://www.virustotal.com/gui/ip-address/79.141.165.199/relations paknavy-govpk.net # Reference: https://www.virustotal.com/gui/ip-address/84.32.84.32/relations paknavy.tech # Reference: https://www.virustotal.com/gui/ip-address/46.17.175.230/relations paknavy.cloud paknavy.online # Reference: https://www.virustotal.com/gui/domain/mofagovpk.info/relations mofagovpk.info # Reference: https://twitter.com/ginkgo_g/status/1774639942628761827 # Reference: https://www.virustotal.com/gui/file/0fa00d4f4f8e8449883aef7f0459a0fb754d57d55af2b41f5e445f867000fa70/detection # Reference: https://www.virustotal.com/gui/file/85d5c21050bd72c4ee02060d0be234ac35babc785567dca5bfc1d299150576b7/detection cabint-division-pk.fia-gov.com police.fia-gov.com vpn.fia-gov.com ctd2.police.fia-gov.com sindh.police.fia-gov.com # Reference: https://twitter.com/Cyberteam008/status/1774703213390057829 64.46.102.122:8443 64.46.102.26:443 64.46.102.63:8443 # Reference: https://www.virustotal.com/gui/ip-address/185.174.135.4/relations ptcl-gov.net # Reference: https://www.virustotal.com/gui/ip-address/172.67.143.200/relations mil-bd.workers.dev mailbaf.mil-bd.workers.dev mail-sco-gov-pk.mil-bd.workers.dev # Reference: https://www.virustotal.com/gui/ip-address/185.27.134.221/relations mai1-sco-gov-pk-sdf.rf.gd # Reference: https://www.virustotal.com/gui/ip-address/93.183.74.8/relations moe-gov-ae.info mofa-gov-ae.info mofagov-sa.info mail.moe-gov-ae.info mail.mofa-gov-ae.info mail.mofagov-sa.info # Reference: https://twitter.com/alex_lanstein/status/1775623052941799483 # Reference: https://blog.strikeready.com/blog/rattling-the-cage-of-a-sidewinder/ afmat.tech aliyumm.tech almightyallah.live ausibedu.org boket.tech btud.live comptes.tech dafpak.org defenec.net detru.info directt888.com download-file.net dynat.tech gebre.tech mfa-govt.net mfacom.org moittpk.org msacn.ntcpk.net newoutlook.live ntcpk.info ntcpk.net numpy.info paknavy-gov.org pnscpk.com sezti.org tni-mil.com tni-mil.org tnial-mil.net commerce-gov-in.iima.remotexs.in commerce-gov-pk.directt888.com mailrta.mfagov.org mofa-gov-pk.directt888.com sarabanmithnavy.tni-mil.com training.detru.info # Reference: https://www.virustotal.com/gui/ip-address/91.195.240.12/relations mfa-gov.cc # Reference: https://www.virustotal.com/gui/ip-address/134.209.86.200/relations mofagov.online ai.mofagov.online server.mofagov.online # Reference: https://www.virustotal.com/gui/ip-address/185.151.30.193/relations mofa-gov-pk.co # Reference: https://www.virustotal.com/gui/ip-address/172.66.47.59/relations mofa-gov-pk.pages.dev # Reference: https://www.virustotal.com/gui/ip-address/185.27.134.33/relations mofa-gov-pk.rf.gd # Reference: https://www.virustotal.com/gui/ip-address/185.82.22.193/relations mofa-gov-qa.gq mail.mofa-gov-qa.gq webmail.mofa-gov-qa.gq # Reference: https://www.virustotal.com/gui/ip-address/128.199.145.180/relations mofa-gov-qa.ml mail.mofa-gov-qa.ml # Reference: https://www.virustotal.com/gui/ip-address/208.109.19.101/relations mofagovpk.com # Reference: https://www.virustotal.com/gui/ip-address/47.74.10.112/relations modp-pk.org 1.modp-pk.org gov.pk.1.modp-pk.org gov.pk.modp-pk.org mail.mofa.gov.pk.modp-pk.org mofa.gov.pk.1.modp-pk.org mofa.gov.pk.modp-pk.org pk.1.modp-pk.org pk.modp-pk.org # Reference: https://www.virustotal.com/gui/ip-address/3.33.130.190/relations pk-hqr-online.co gov.pk-hqr-online.co mofa.gov.pk-hqr-online.co # Reference: https://www.virustotal.com/gui/ip-address/185.245.180.3/relations govt-org.net bd.govt-org.net lk.govt-org.net gov.bd.govt-org.net gov.lk.govt-org.net mod.gov.bd.govt-org.net mofa.gov.lk.govt-org.net # Reference: https://www.virustotal.com/gui/ip-address/77.95.113.16/relations qrrl.net pk-hq.qrrl.net gov.pk-hq.qrrl.net mofa.gov.pk-hq.qrrl.net cons.mofa.gov.pk-hq.qrrl.net # Reference: https://www.virustotal.com/gui/ip-address/185.245.180.44/relations gov-co.org bd.gov-co.org com.gov-co.org lk.gov-co.org mv.gov-co.org np.gov-co.org org.gov-co.org defence.lk.gov-co.org e-mopf.gov.mm.gov-co.org finance.gov.mv.gov-co.org for.gov-co.org foreign.gov.mv.gov-co.org gov.bd.gov-co.org gov.mm.gov-co.org gov.np.gov-co.org health.gov.lk.gov-co.org health.gov.mv.gov-co.org immigration.gov.np.gov-co.org mfa.gov.lk.gov-co.org mil.np.gov-co.org mod.gov.np.gov-co.org mofa.bd.gov-co.org mofa.gov.bd.gov-co.org mofa.gov.np.gov-co.org myanmar.gov-co.org navy.lk.gov-co.org nepal.gov.np.gov-co.org nhsrc.pk.gov-co.org nugmyanmar.org.gov-co.org plandiv.gov.bd.gov-co.org po.gov.mv.gov-co.org presidentoffice.lk.gov-co.org pubsec.gov.lk.gov-co.org punjab-ministry-pk.com.gov-co.org # Reference: https://www.virustotal.com/gui/ip-address/109.70.148.47/relations 2let.org pk.2let.org gov.pk.2let.org mofa.gov.pk.2let.org cons.mofa.gov.pk.2let.org # Reference: https://www.virustotal.com/gui/ip-address/185.27.134.151/relations mofa-gov-msg-view.rf.gd # Reference: https://www.virustotal.com/gui/ip-address/185.27.134.55/relations mofa-gov-bd-mailll.rf.gd mofa-gov-pk-download.rf.gd # Reference: https://www.virustotal.com/gui/ip-address/185.27.134.222/relations mofa-gov-mail-view-pk.rf.gd # Reference: https://www.virustotal.com/gui/ip-address/185.212.70.84/relations timeoflahore.com mofa-gov-pk-foreignministry-documents.timeoflahore.com # Reference: https://www.virustotal.com/gui/ip-address/84.32.84.32/relations govt-org.com lk.govt-org.com gov.lk.govt-org.com mfa.gov.lk.govt-org.com # Reference: https://www.virustotal.com/gui/ip-address/104.219.248.111/relations emaiil.co pk.emaiil.co gov.pk.emaiil.co mod.gov.pk.emaiil.co # Reference: https://www.virustotal.com/gui/ip-address/185.82.22.193/relations srvssl.cf mofa-gov-qa.srvssl.cf # Reference: https://www.virustotal.com/gui/ip-address/8.218.5.63/relations investgov.info pakchinavest.info com.pakchinavest.info gwadarport.ddns.net gwadarport.gov.jzbnco.com gwadarport.gov.pk.migkua.com gwadarport.gov.packetfilters.org gwadarport.gov.pk.rankglobe.com mail.investgov.info pakchinainvest.com.pakchinavest.info webmail.pakchinainvest.com.pakchinavest.info # Reference: https://twitter.com/doc_guard/status/1785422860741202184 # Reference: https://www.virustotal.com/gui/file/8a6e381ab6f1d2ab74e3ee232680d5991c9f751241a6a0c3f0d9082d2cf61a05/detection # Reference: https://app.docguard.io/23f3a046884bf94ec706f98000a9efbda48455b4dd86f0665409937b1fb811cb/112148fa-67fb-4646-8dcd-9007ddf87e00/0/results/dashboard mofa-services-server.top docs.mofa-services-server.top # Reference: https://twitter.com/alex_lanstein/status/1788200111966658963 # Reference: https://pastebin.com/5tvyLKZM govt-pk.com amigos.govt-pk.com bd.govt-pk.com dfd-punjab.govt-pk.com dfd.punjab.govt-pk.com gov.pk.govt-pk.com ics.govt-pk.com ics1.govt-pk.com investinnepal.gov.np.govt-pk.com lgcd.punjab.gov.pk.govt-pk.com medicalbillers.govt-pk.com mindef.gov.pk.govt-pk.com mod.gov.bd.govt-pk.com mod.gov.np.govt-pk.com mofa.gov.bd.govt-pk.com mofa.gov.np.govt-pk.com np.govt-pk.com oidc.idp.elogin.att.govt-pk.com prisons.punjab.govt-pk.com pubad.gov.lk.govt-pk.com sparrso.gov.bd.govt-pk.com # Reference: https://twitter.com/alex_lanstein/status/1788203426020499698 # Reference: https://www.virustotal.com/gui/file/006e5fe0c01712391c54319a9d1579d7208f3cfa9f49fe56a14d93f0d0e8928b/detection dowmload.org efes-mindef-gov-pk.dowmload.org # Reference: https://twitter.com/ValidinLLC/status/1788210860017553882 govt-net.com bd.govt-net.com com.govt-net.com fia-govt-net.com.govt-net.com fia.govt-net.com gov.bd.govt-net.com gov.lk.govt-net.com gov.np.govt-net.com lk.govt-net.com mfa.gov.lk.govt-net.com mofa.gov.bd.govt-net.com mofa.gov.lk.govt-net.com mofa.gov.np.govt-net.com np.govt-net.com ptdi.govt-net.com # Reference: https://twitter.com/mal_analysis136/status/1788219355446075756 # Reference: https://www.virustotal.com/gui/ip-address/84.32.84.33/relations mofa-govtpk.com mail.mofa-govtpk.com # Reference: https://twitter.com/Cyberteam008/status/1788436206528680124 # Reference: https://pastebin.com/vPLMDA1U 193.200.16.230:443 5.230.40.141:443 5.230.42.202:443 5.230.43.203:443 5.230.52.133:443 5.230.54.162:443 5.230.54.63:443 5.230.55.29:443 5.230.70.181:443 5.230.71.148:443 5.230.74.96:443 5.230.77.142:443 aliyum.org appclub.live crypto-wise.co dgps-govpk.co jupyt.tech ntcpak.live office.ntcpak.live tsinghua-edu.tech amarsonarbangla123.dgps-govpk.co api.crypto-wise.co bangladeshnavy.dgps-govpk.co emv1.crypto-wise.co mailotloc.aliyum.org mailotlook.aliyum.org mta-sts.crypto-wise.co # Reference: https://www.virustotal.com/gui/ip-address/98.142.254.94/relations dgps-govpk.com # Reference: https://www.virustotal.com/gui/ip-address/98.142.254.83/relations dgps-govpk.org # Reference: https://www.virustotal.com/gui/ip-address/5.230.73.238/relations1 libqstur.tech # Reference: https://twitter.com/suyog41/status/1768558626929860749 # Reference: https://twitter.com/k3yp0d/status/1789806184175685805 # Reference: https://www.virustotal.com/gui/ip-address/146.70.157.120/detection # Reference: https://www.virustotal.com/gui/ip-address/146.70.80.58/detection # Reference: https://www.virustotal.com/gui/file/92145633823ed4a4c56915ab81f6bc0582fd27700d8515400edd0a153d39829f/detection # Reference: https://www.virustotal.com/gui/file/736315462b91943de9df6210db3bb52564982dd6c758d06ea79e3a404548569b/detection # Reference: https://www.virustotal.com/gui/file/6e4a4d25c2e8f5bacc7e0f1c8b538b8ad61571266f271cfdfc14725b3be02613/detection # Reference: https://www.virustotal.com/gui/file/316e01b962bf844c3483fce26ff3b2d188338034b1dbd41f15767b06c6e56041/detection # Reference: https://www.virustotal.com/gui/file/2f5f44863048243c1bbec6e16b1c0902f8c61d61fdb8277f5c514b2f04ce8993/detection # Reference: https://www.virustotal.com/gui/file/2027a5acbfea586f2d814fb57a97dcfce6c9d85c2a18a0df40811006d74aa7e3/detection # Reference: https://www.virustotal.com/gui/file/3e35834b72b475952ae60ea8479ebe3638e204df414a838dfe143081f6729d8e/detection packageupdates.net syncscheduler.com /r3diRecT/redirector/ /r3diRecT/redirector/proxy.php # Reference: https://www.embeeresearch.io/advanced-guide-to-infrastructure-analysis-tracking-apt-sidewinder-domains/ amazonas-gov.co cabinet-download-server.top cnsa-gov.com ctd.govt-pk.com documents-server-pk.top ecp.govt-pk.com embajadadenepal.es.govt-pk.com ep-gov-pk.christmas ep-gov-pk.icu gov-govpk.info goverment-pk-update.top justice-gov.info mail-govpk.com mod-gov-pk.live mohre-gov.info moma-gov-pk.org my-gov-confirm.org nadra-govpk.com ncsc-gov.com newmofa.org nitb-update-services.top pakistan-mofa.cloud paknavy-govpk.com pmo.documents-server-pk.top pta-govpk.com s3-network-pakistan.online services-pk-users.top update-govpk.co # Reference: https://x.com/uslss_etr/status/1795534272725713221 # Reference: https://www.virustotal.com/gui/ip-address/46.183.187.190/relations # Reference: https://www.virustotal.com/gui/file/ceb93ee3093dbf1a49918ede81055018d9c0f0945a97f904a16951010cfbce61/detection dirctt88.co mfa-gov-lk.dirctt88.co moto.dirctt88.co office.dirctt88.co sp-nepalembassy-gov-np.dirctt88.co sparrso-gov-bd.dirctt88.co www-army-mil-bd.dirctt88.co # Reference: https://x.com/ginkgo_g/status/1801540845797315055 # Reference: https://x.com/Joseliyo_Jstnk/status/1804112721408835817 # Reference: https://www.virustotal.com/gui/ip-address/91.223.208.175/relations # Reference: https://www.virustotal.com/gui/file/c87e8d369a9718304e253ebe24da5267bf3a39f0b456c4191029b6be4bc04a42/detection # Reference: https://www.virustotal.com/gui/file/57d761453bbc6ba9ace467f4491d7a19b9c7e097f81d9772efbcd2f43ada4dce/detection mods.email mailnepalarmymil.mods.email mailarmylk.mods.email premier.mods.email # Reference: https://www.virustotal.com/gui/ip-address/89.150.40.43/relations # Reference: https://www.virustotal.com/gui/file/512a83f1a6c404cb0ba679c7a2f3aa782bb5e17840d31a034de233f7500a6cb9/detection # Reference: https://www.virustotal.com/gui/file/b72ac58d599e6e1080251b1ac45a521b33c08d7d129828a4e82a7095e9f93e53/detection session-out.com investigation04.session-out.com policy.session-out.com salary-cutting.session-out.com /fbd901_harassment/ # Reference: https://x.com/StrikeReadyLabs/status/1811134839598326198 # Reference: https://www.virustotal.com/gui/ip-address/5.230.35.199/relations # Reference: https://www.virustotal.com/gui/file/9572312a12605c6a6ea6447af6fc063f4196aeba523ed38ce2c5ff51c33d4831/detection dgps-govtpk.com reports.dgps-govtpk.com # Reference: https://x.com/RedDrip7/status/1813049510601630031 # Reference: https://www.virustotal.com/gui/file/15081f25bd44b8591d2895c33db7c238b6d52ffb5fbeb235b62d52e681c99249/detection mofa-filetransfer.servehttp.com # Reference: https://x.com/suyog41/status/1814216605414351325 # Reference: https://www.virustotal.com/gui/file/005188f4c96d1f996e260d4cd1f6cb51de8c02654520673506976004203328cc/detection paknavy.store heatwave.paknavy.store # Reference: https://x.com/suyog41/status/1814216605414351325 # Reference: https://www.virustotal.com/gui/ip-address/5.255.113.149/relations # Reference: https://www.virustotal.com/gui/file/c4627139cab65aed8b7639006fa4848516f5681dca4ddf483fd27aa2e9f645c2/detection pdfadobe.com mora.pdfadobe.com # Reference: https://x.com/wa1Ile/status/1816718243123593410 # Reference: https://www.virustotal.com/gui/ip-address/5.255.112.244/relations # Reference: https://www.virustotal.com/gui/file/b8294a2038c3e79a06ad1f35c1083edaa6591b393f8bba681384a103734c27e9/detection portdedjibouti.live leave.portdedjibouti.live notice.portdedjibouti.live wwww.portdedjibouti.live wwww.notice.portdedjibouti.live # Reference: https://www.virustotal.com/gui/ip-address/93.127.192.14/relations pk-govt.com army.mil.bd.pk-govt.com beoe.gov.pk-govt.com cabinet.gov.bd.pk-govt.com cabinet.gov.pk-govt.com ead.gov.pk-govt.com fia.gov.pk-govt.com fia.gov.pk.pk-govt.com finance.gov.pk-govt.com mod.gov.ba.pk-govt.com mod.gov.bd.pk-govt.com mofa.gov.bd.pk-govt.com mofa.gov.np.pk-govt.com mofa.gov.pk-govt.com mofa.gov.pk.pk-govt.com nepalembassyusa.org.pk-govt.com nepembassy.org.uk.pk-govt.com paknavy.gov.pk-govt.com paknavy.gov.pk.pk-govt.com pasb.mod.gov.pk-govt.com pmo.gov.bd.pk-govt.com pmo.gov.pk.pk-govt.com police.gov.bd.pk-govt.com prisons.punjab.gov.pk-govt.com prisons.punjab.pk-govt.com punjabpolice.gov.pk-govt.com sparrso.gov.bd.pk-govt.com # Reference: https://www.virustotal.com/gui/ip-address/193.29.57.101/relations geopk.org geo.org.pk mofa-govlk.com army.mil.bd.mofa-govlk.com gmail.com.mofa-govlk.com mod.gov.bd.mofa-govlk.com mofa.gov.bd.mofa-govlk.com pmo.gov.bd.mofa-govlk.com sparrso.gov.bd.mofa-govlk.com army.mil.bd.mofa-govlk.com gmail.com.mofa-govlk.com mod.gov.bd.mofa-govlk.com mofa.gov.bd.mofa-govlk.com pmo.gov.bd.mofa-govlk.com sparrso.gov.bd.mofa-govlk.com # Reference: https://x.com/StrikeReadyLabs/status/1820454673603768564 mofserviceserver.top shiftroof.top ofc.mofserviceserver.top pmofficepakistancloudserver.shiftroof.top # Reference: https://x.com/StrikeReadyLabs/status/1821133707077370041 # Reference: https://www.virustotal.com/gui/file/fec66a9aabf379d150ad51926b318f9c03edbe8f7e655193c036db6c0ba9a6b6/detection dowmload.info mofa-gov-pk.dowmload.info # Reference: https://www.virustotal.com/gui/domain/mofa-g0v-pk.workers.dev/relations mofa-g0v-pk.workers.dev sharepakistan.mofa-g0v-pk.workers.dev # Reference: https://www.virustotal.com/gui/ip-address/76.223.105.230/relations mofa-gov-pk.xyz # Reference: https://www.virustotal.com/gui/ip-address/195.35.10.141/relations mofa-gov-pk.site cons.mofa-gov-pk.site # Reference: https://x.com/k3yp0d/status/1821526304635650555 # Reference: https://www.virustotal.com/gui/file/b81c49fe252f763e43d2be298298ecc5d986c59e047efff6ecb928126e17f881/detection refnameit.life my.refnameit.life # Reference: https://x.com/StrikeReadyLabs/status/1818267844972306610 # Reference: https://www.virustotal.com/gui/file/6842aee028eaa07af8e8eba41bef019aee72fe245ca86be39efd2df883b2402c/detection xuzeest.buzz management.xuzeest.buzz # Reference: https://x.com/k3yp0d/status/1821523835214065877 # Reference: https://www.virustotal.com/gui/file/ffb1e4d9253ed97cc381826993a8812ac6c53f7a7d01793e282fc148102bdab3/detection screenpont.xyz ministryofficedownloadcloudserver.screenpont.xyz # Reference: https://x.com/mal_analysis136/status/1822672814924611748 # Reference: https://www.virustotal.com/gui/ip-address/5.255.121.188/relations dowmload.co fmprc-gov-cn.dowmload.co mod-gov-bd.dowmload.co mofa-gov-bd.dowmload.co mofa-gov-pk.dowmload.co punjabpolice-gov-pk.dowmload.co www-army-mil-bd.dowmload.co # Reference: https://x.com/suyog41/status/1822904355777138829 # Reference: https://www.virustotal.com/gui/ip-address/213.183.55.52/relations # Reference: https://www.virustotal.com/gui/file/a84b3dd5f7d29d8d257fdef0ede512ae09e6cd5be7681b9466a5c60f6f877c2b/detection pmd-offc.info moittadvisory.pmd-offc.info # Reference: https://x.com/mal_analysis136/status/1822916700762984543 # Reference: https://x.com/suyog41/status/1824001819149799434 # Reference: https://www.virustotal.com/gui/ip-address/5.255.121.168/relations # Reference: https://www.virustotal.com/gui/ip-address/5.255.99.223/relations # Reference: https://www.virustotal.com/gui/file/bdbbb8fc621a1717e0dd373c143279db794a72a5bbd846ede92df412043623f7/detection pmd-office.info pmd-office.live cyber.pmd-offc.info office.pmd-office.info # Reference: https://x.com/StrikeReadyLabs/status/1826250092669751401 # Reference: https://www.virustotal.com/gui/file/e3802e7f09f499537271f80af7ca81ee1e6d8559164e644665cf50d0a43bccdc/detection pafmodernwebclient-srirj3dq.b4a.run # Reference: https://x.com/StrikeReadyLabs/status/1830774400397779262 # Reference: https://www.virustotal.com/gui/ip-address/194.68.44.55/relations document-viewer.live stae-org-mz.document-viewer.live # Reference: https://x.com/StrikeReadyLabs/status/1831386292728598949 # Reference: https://www.virustotal.com/gui/file/c2bc69085df7036bdef980932a2383b34a9fb76a92d85b9f377beca060053c17/detection pkinfo.live # Reference: https://x.com/StrikeReadyLabs/status/1833558192024142056 # Reference: https://www.virustotal.com/gui/file/5ba6e6deae5da0adf35e78319e9c528343a21f09863b879b3976351896578229/detection dellicon.top cloud.dellicon.top # Reference: https://x.com/StrikeReadyLabs/status/1836356550274826416 # Reference: https://www.virustotal.com/gui/ip-address/212.46.38.168/relations document-viewer.info customs.document-viewer.info office.document-viewer.info # Referemce: https://blog.cloudflare.com/unraveling-sloppylemming-operations/ 168-gov.info acrobat.paknavy-pk.org aljazeerak.online apl-com.icu apl-org.online aurora.dawn-904.workers.dev blabla.apl-com.icu browser.apl-org.online classifieds.workers.dev confidential.zapto.org crec-bd.site dawn.apl-org.online dawnnews.workers.dev docs.apl-com.icu epaper.dawn-323.workers.dev filebox-1-y7125191.deta.app fonts.apl-org.online gov-pkgov.workers.dev hascolgov.info helpdesk-lab.site herald-b2a.workers.dev hesco.hascolgov.info hit-pk.org humariweb.info hurr.zapto.org images-11d.workers.dev itsupport-gov.com locaal.navybd-gov.info localhost.apl-com.icu locall.hascolgov.info login.apl-org.online mail-islamabadpolice-gov-pk.ntc-telecommunication-safecity.workers.dev mail-na-gov-pk.na-gov-pk.workers.dev mail.apl-com.icu mail.pakistangov.com mofapak.info mozilla.apl-org.online na-gov-pk.workers.dev new.apl-org.online ntc-telecommunication-safecity.workers.dev obituary.workers.dev oil.hascolgov.info openkm.paknavy-pk.org owa-spamcheck.apl-org.online pakistangov.com paknavy-pk.org pitb.gov-pkgov.workers.dev pitb.zapto.org quran-books.store redzone.apl-org.online redzone2.apl-org.online sco.zapto.org sharepoint-punjab.sharepoint-e13.workers.dev storage-e13.sharepoint-e13.workers.dev update.apl-org.online updpcn.online zero-berlin-covenant.apl-org.online zoom.osutuga7.workers.dev # Reference: https://x.com/suyog41/status/1839593288455606483 # Reference: https://x.com/malwrhunterteam/status/1846308333432852902 # Reference: https://www.virustotal.com/gui/file/21c0756d52ca7947a83529e2cc7d3341f4626b8da05c256f5ec09034d147c6ba/detection # Reference: https://www.virustotal.com/gui/file/f51361da0c24c1ae422ebe8fb12aa1ff9ec49c71d1d699c9cff68f2ee93fcdfa/detection # Reference: https://www.virustotal.com/gui/file/3958bd2062a15c764427a2cc886743df1b1ac56633e1ae43f190e43db836ddb3/detection desktopserver.top auth.desktopserver.top cloud.desktopserver.top drive.desktopserver.top # Reference: https://x.com/suyog41/status/1844615527106322754 # Reference: https://x.com/salmanvsf/status/1844636033109066079 # Reference: https://www.virustotal.com/gui/file/bafd23bf68bcb56f7927d10627c7e361127e8d42acdb7206752182ecadb611bc/detection ms-office.app command.ms-office.app holiday.ms-office.app update.ms-office.app # Reference: https://x.com/suyog41/status/1844614969158984039 # Reference: https://www.virustotal.com/gui/ip-address/167.88.164.63/relations # Reference: https://www.virustotal.com/gui/file/8782aa3b2f8b28b67101532937ab95a47e0d246513c8496c2f6a29cd44d02cf1/detection dirctt888.info kafka.dirctt888.info paknavy-gov-pk.dirctt888.info # Reference: https://securelist.com/sidewinder-apt/114089/ # Reference: https://www.virustotal.com/gui/ip-address/79.141.174.176/relations 63inc.com aliyum.tech asyn.info cnsa-gov.org colot.info condet.org conft.live decoty.tech dinfed.co dirctt88.net direct88.co donwload-file.com downloadabledocx.com e1ix.mov e1x.tech grouit.tech gtrec.info healththebest.com kernet.info kretic.info mfas.pro mitlec.site mofagovs.org moittpk.net mshealthcheck.live nactagovpk.org navy-mil.co nopler.live ntcpak.org numzy.net nventic.info pafgovt.com pdfrdr-update.com pdfrdr-update.info pmd-office.org ptcl-net.com scrabt.tech shipping-policy.info sjfu-edu.co support-update.info tazze.co tex-ideas.info tumet.info u1x.co ujsen.net updtesession.online widge.info dynamic.nactagovpk.org mmcert-org-mm.donwloaded.com mod-gov-bd.direct888.net nextgen.paknavy-govpk.net portdedjibouti.shipping-policy.info portdjibouti.pmd-office.org premier.moittpk.org # Reference: https://x.com/suyog41/status/1846521863347789927 # Reference: https://www.virustotal.com/gui/file/fa95fadc73e5617305a6b71f77e9d255d14402650075107f2272f131d3cf7b00/detection mofa-gov-np.dirctt888.info # Reference: https://x.com/suyog41/status/1848679667399807266 # Reference: https://www.virustotal.com/gui/file/865f5b3b1ee94d89ad9a9840f49a17d477cddfc3742c5ef78d77a6027ad1caa5/detection sgad-punjab-gov-pk.dirctt888.info # Reference: https://www.virustotal.com/gui/ip-address/84.32.84.32/relations dirctt888.net # Reference: https://x.com/suyog41/status/1849679847137870328 # Reference: https://www.virustotal.com/gui/ip-address/5.255.116.103/relations # Reference: https://www.virustotal.com/gui/file/56bf8948160e563b835cb3b656d0f3848625433b66cb3f89ba07f04f4e8e78cf/detection dytt88.co mfa-go-ke.dytt88.co moitt-gov-pk.dytt88.co # Reference: https://x.com/StrikeReadyLabs/status/1849797282499039404 acc.pk-govt.net apgml.pk-govt.net bard.gov.bd.pk-govt.net caab.gov.bd.pk-govt.net cabinet.gov.bd.pk-govt.net cabinet.pk-govt.net cga.gov.bd.pk-govt.net ecs.pk-govt.net email.pk-govt.net establishment.gov.pk-govt.net fbr-gov.net finance.gov.pk-govt.net fisheries.gov.bd.pk-govt.net gov-cn.co gov-org.com govt-cn.co govt-cn.org icd.punjab.gov.pk-govt.net minland.pk-govt.net mochta.pk-govt.net mod-govbd.com mod.gov.bd.pk-govt.net mod.gov.pk-govt.net modp.gov.pk-govt.net mof.pk-govt.net mofa-govlk.net mofa.gov.bd.pk-govt.net mofa.gov.np.pk-govt.net mofa.gov.pk-govt.net mofa.pk-govt.net moha.gov.np.pk-govt.net mopa.gov.bd.pk-govt.net mopa.pk-govt.net nepalpolice-govnp.com nespak.com.pk-govt.net ofac-gov.net pk-govt.net pnra.pk-govt.net prisons.punjab.pk-govt.net punjab.gov.pk-govt.net punjabpolice.gov.pk-govt.net sgad.punjab.gov.pk-govt.net tcp.gov.pk-govt.net # Reference: https://x.com/k3yp0d/status/1856401803379876074 # Reference: https://x.com/StrikeReadyLabs/status/1856724048903836018 # Reference: https://urlscan.io/result/82d6480b-898a-4ea5-9105-557c4096a79c # Reference: https://www.virustotal.com/gui/file/ce4428b9b4455cfc051f195fcab0bfee775a7ef5aa3432a7d807c798444c250d/detection bmac-g0v-cn-aman-exercise-1etter.netlify.app bmac-org-cn-exercise-observer-invites.netlify.app bmac-pla-exercise-aman-2024-letter.netlify.app china-immigration-department-letter.netlify.app chinese-pla-a1rforce-0fficil-drive.netlify.app ministryofdefencechinadrive.pages.dev paknavy.org.pk # Reference: https://x.com/StrikeReadyLabs/status/1857456905167237288 # Reference: https://x.com/suyog41/status/1859132957870694480 # Reference: https://www.virustotal.com/gui/file/5fd3f901163aad60fae9afc8c969bba7ff233c7eba242ce85f17b920f9b70140/detection cloudmails.live ecloudsmails.com mail-gov.org opertingsmail.us www-airport-lk.mail-gov.org # Reference: https://x.com/suyog41/status/1858462344856101197 # Reference: https://x.com/banthisguy9349/status/1875904770697003459 # Reference: https://www.virustotal.com/gui/ip-address/89.46.234.85/relations # Reference: https://www.virustotal.com/gui/file/40159fcfe9793a8a13111131e31f10eb1652343f6b9d172e2cadc821bc5f28fd/detection d0cumentview.info advisories-sgcustoms.d0cumentview.info notifications-khmod.d0cumentview.info # Reference: https://x.com/blackorbird/status/1859161598469836806 # Reference: https://blogs.blackberry.com/en/2024/11/suspected-nation-state-adversary-targets-pakistan-navy-in-cyber-espionage-campaign # Reference: https://www.virustotal.com/gui/collection/f6f862c588961ae94c5c23d92331b85e5023ed7064c00d1299f73d47aadf699d/iocs # Reference: https://www.virustotal.com/gui/file/fc39ec35d767a2c0a178ca9874be8aaf87033f8b834ee8dcb57d3904516e4335/detection # Reference: https://www.virustotal.com/gui/file/a0a18e76d8af39b9b198d9ea7c67dc372fa3cdb2286ac405fa8e76154af34fff/detection paknavy.rf.gd # Reference: https://x.com/StrikeReadyLabs/status/1864282578561221054 # Reference: https://www.virustotal.com/gui/file/a1b5ca71501c5215b2a7ed637308060e10914e436dcda11c219448e3540ef200/detection mofw.pro dntnavymil.mofw.pro # Reference: https://x.com/ginkgo_g/status/1867518951930179775 # Reference: https://www.virustotal.com/gui/file/8ae6cf2d0932782784084ff0e792a85146d5073115556e8d05a225e635ec96fa/detection military-bd.org defence-lk.military-bd.org # Reference: https://x.com/banthisguy9349/status/1867529811750694984 # Reference: https://pastebin.com/raw/eEBba59X http://213.183.55.52 efes-mindef-qov-pk.dowmload.org google.gov-pok.net kenaikan.portdedjibouti.live mofa-gov-np.dirctt88.co mofa-gov-pk.download.info salary-cuxxing.session-out.com suezcanal.portdedjibouti.live www-opmcm-gov-np.direct888.net # Reference: https://x.com/DmitriyMelikov/status/1869829399023104432 # Reference: https://www.virustotal.com/gui/file/ba6ca4391a9fb405dd780fd5fb1a8acea22435f1707b2422e2bec6d74dbecc41/detection mail-govt.com btrc-gov-bd.mail-govt.com cag-org-bd.mail-govt.com mod-portal-gov-bd.mail-govt.com mofa-portal-gov-bd.mail-govt.com molwa-gov-bd.mail-govt.com mopa-gov-bd.mail-govt.com www-mof-gov-np.mail-govt.com www-prc-mhapsd-gov-bd.mail-govt.com # Reference: https://x.com/ThreatBookLabs/status/1871570023665275210 # Reference: https://x.com/StrikeReadyLabs/status/1871572110134726720 # Reference: https://x.com/blackorbird/status/1871576281571274847 # Reference: https://www.virustotal.com/gui/file/c27843c64f1e9bfbaabe5a98f384ef9d3eb2c32f97efe109690de16dd52d44e8/detection mailserver-lk.com draft-paper-advertisementfdg.netlify.app mail-defence-lk-session-out.pages.dev # Reference: https://x.com/k3yp0d/status/1871927642984968619 # Reference: https://www.virustotal.com/gui/file/01c6bc7bc8b4367205b698b99ad57df27387aa855a3245bdf5fa727e73925d06/detection cloudpmo.top ofc.cloudpmo.top # Reference: https://x.com/ThreatBookLabs/status/1872288256370585931 mail-defence-lk-loging-horde.pages.dev 38273409.mail-defence-lk-loging-horde.pages.dev # Reference: https://x.com/banthisguy9349/status/1875901285783962024 fia-gob.net int-secure.org officedrive.live sarabanmithnavvtni-mil.com cmm.int-secure.org cnmm.int-secure.org mofa-gov-np.fia-gob.net pmd.paknavy-gov.com president-gov-ik.donwloaded.net sl-navy.officedrive.live # Reference: https://x.com/banthisguy9349/status/1875930695388037559 download-files-0pen-err0r-l0gin.netlify.app downloadfiles-mail.pages.dev # Reference: https://x.com/banthisguy9349/status/1875934113292861656 nia-china-inviation-package-zip.netlify.app # Reference: https://x.com/suyog41/status/1876157867423879302 # Reference: https://www.virustotal.com/gui/ip-address/178.209.51.231/relations # Reference: https://www.virustotal.com/gui/file/5f0d9a8f26a8ead63c0d2063abdef157138eb59def34c361cdc3a42b0ed2c17d/detection downnload.org ibas-finance-gov-bd.downnload.org mofa-gov-bd.downnload.org mofa-gov-np.downnload.org mof-portal-gov-bd.downnload.org # Reference: https://x.com/StrikeReadyLabs/status/1876284392319963587 # Reference: https://x.com/StrikeReadyLabs/status/1876353156252340233 # Reference: https://raw.githubusercontent.com/StrikeReady-Inc/samples/refs/heads/main/2025-01-06%205000%20BDT/urls.txt # Reference: https://www.virustotal.com/gui/file/136dd864f5772a6567aff34fcbe6f0665b7cc04b2d486004c370f410bee259b1/detection # Reference: https://www.virustotal.com/gui/file/eebf4a5104d75f8f6536e592d4c7945d56f8431059f2cab980756d9b9e96f0fc/detection 81-cn.ddns.net 81-cn.info az-updates.store bangladeshbaank-gov-bd.workers.dev boc-cn.81-cn.info boc.cn.81-cn.info cas.sysu.edu.cn.81-cn.info cloud.moe.gov.cn.81-cn.info cmclient-downloader.serveirc.com corporate-social-activity-updates.ciecc.com.cn.81-cn.info crec-bangladesh.ddns.net fileserver.81-cn.info globaltimes-cn.org internal-portal.ceair.com.81-cn.info mail-cscec.ddns.net mail-mofa.ddns.net mail-nssc.sytes.net mail-nudt.sytes.net mail.a.globaltimes-cn.org mail.cfau.edu.cn.81-cn.info mail.hit.gov.pk.81-cn.info mail.hust.edu.cn.81-cn.info mail.mail.cmec.com.globaltimes-cn.org mail.mail.spacechina.com.81-cn.info mail.mfa.gov.cn.81-cn.info mail.mfaa.gov.cn.globaltimes-cn.org mail.mofa.gov.pk.globaltimes-cn.org mail.nju.edu.cn.81-cn.info mail.nudt.edu.cn.81-cn.info mail.smmu.edu.cn.81-cn.info mail.tsinghua.edu.cn.81-cn.info news-gov-cn.info gateway.ceair.com.81-cn.info uat-updates.gateway.ceair.com.81-cn.info updates.moe.gov.cn.81-cn.info moe.gov.cn.81-cn.info cfau.edu.cn.81-cn.info hit.gov.pk.81-cn.info hust.edu.cn.81-cn.info mail.cmec.com.globaltimes-cn.org spacechina.com.81-cn.info mfa.gov.cn.81-cn.info mfaa.gov.cn.globaltimes-cn.org mofa.gov.pk.globaltimes-cn.org nju.edu.cn.81-cn.info nudt.edu.cn.81-cn.info smmu.edu.cn.81-cn.info tsinghua.edu.cn.81-cn.info vrms.bangladeshbaank-gov-bd.workers.dev wandering-pond-e7f4.foxiproxi.workers.dev # Reference: https://x.com/JAMESWT_MHT/status/1869724537115541616 # Reference: https://www.virustotal.com/gui/file/44f7c5e8855fc2c9a0026183759f99635d7b89eee46dc904d5618123ed217435/detection # Reference: https://www.virustotal.com/gui/file/6750a7e6eb02eecab234f42a6cc6a88c1510d557336d53a85c02ad43776d8cb9/detection # Reference: https://www.virustotal.com/gui/file/623767715bd1a33c41e2de8ab3af341e629105132c3434f454cf249f98adbfd7/detection http://47.76.135.130 http://47.84.196.148 47.76.135.130:443 47.84.196.148:443 bangla.b-cdn.net # Reference: https://x.com/ginkgo_g/status/1877604805612548507 # Reference: https://www.virustotal.com/gui/file/f29de289f33c8c9e4a53d25443e6d949b0028b31accf9abb4a8bab4a9dcbba42/detection # Reference: https://www.virustotal.com/gui/file/896ddb35cde29b51ec5cf0da0197605d5fd754c1f9f45e97d40cd287fb5a2d25/detection modpak.live paknavy.modpak.live # Reference: https://x.com/mal_analysis136/status/1878823552188883024 # Reference: https://www.virustotal.com/gui/ip-address/195.201.179.80/relations prepforce.site mystore.prepforce.site # Reference: https://x.com/mal_analysis136/status/1879225400666313177 # Reference: https://www.virustotal.com/gui/ip-address/89.116.192.242/relations govpk.email govvv.pk ib.govvv.pk mindef.govvv.pk mofa.govpk.email mofa.govvv.pk paknavy.govpk.email paknavy.govvv.pk # Reference: https://x.com/wa1Ile/status/1879794476480426196 # Reference: https://www.virustotal.com/gui/ip-address/45.137.159.236/relations govpk.me commerce.govpk.me depo.govpk.me ead.govpk.me fia.govpk.me ib.govpk.me mofa.govpk.me moitt.govpk.me mpnr.govpk.me pc.govpk.me # Reference: https://x.com/suyog41/status/1880182370902634893 # Reference: https://www.virustotal.com/gui/ip-address/5.255.117.75/relations # Reference: https://www.virustotal.com/gui/file/d3fb61c0211bd379bf80f15cf072fdbc1187fe95546fdfcfcbdf8918004f05e2/detection mail-govt.org interior-gov-pk.mail-govt.org www-cabinetoffice-gov-lk.mail-govt.org # Reference: https://x.com/suyog41/status/1884178221127852096 # Reference: https://www.virustotal.com/gui/ip-address/5.255.126.233/relations # Reference: https://www.virustotal.com/gui/file/54c4641f709e51622531dc3d04fd2f4a3bad2a42dca287e2777c04d59cbca789/detection dytt888.org presidentsoffice-gov-lk.dytt888.org www-mopa-gov-bd.dytt888.org www-presidentsoffice-gov-lk.dytt888.org # Reference: https://x.com/SecAI_AI/status/1884616742082932870 # Reference: https://www.virustotal.com/gui/ip-address/51.89.9.145/relations app-sec01.online docum.store files-ci.com gooogle.live kra20.fun msonlineoffice.com noreplyuser.site onlinestatus.live opensign-delta3e.com reecesayer.com security-it1.com sqrt.ovh surveydocs.online synoslabs-test.com xn--micosoftonline-iwc.com email.mofa.gov.pk.docum.store email.navy.gov.bd.docum.store email.nvy.milbd.onlinestatus.live emails.mofa.gov.pk.docum.store mail.baf.mil.bd.docum.store mail.baf.mil.bd.onlinestatus.live mail.bcc.gov.bd.onlinestatus.live mail.fwo.com.pk.onlinestatus.live mail.mofa.gov.pk.docum.store mail.mofa.gov.pk.onlinestatus.live mail.navy.mil.bd.docum.store mail.navy.mil.bd.onlinestatus.live mail.nepla.gov.np.onlinestatus.live mail.pof.gov.pk.onlinestatus.live mail.ssf.gov.bd.onlinestatus.live mail1.mofa.gov.pk.docum.store mail1.navy.mil.bd.docum.store webmail.fwo.com.pk.docum.store # Reference: https://x.com/suyog41/status/1887133284276244512 # Reference: https://www.virustotal.com/gui/file/15cf5271c7b9b8ad22c4c96bc8674d9835e8d419fc1a6077f3b59fbd7e59d112/detection mail163.info gso2.mail163.info # Reference: https://x.com/suyog41/status/1887812529151443394 # Reference: https://www.virustotal.com/gui/file/47d77499968244911d0179fb858578de00dbb98079e33f5ed5d229d03eb04d67/detection org-co.net pubad-gov-lk.org-co.net # Reference: https://x.com/suyog41/status/1888906530118062394 # Reference: https://www.virustotal.com/gui/file/22527dd1a62dc46dd4edd23a681657cf4c3477e9f90fb1ef63ef657608b9838c/detection net-src.info pubad-gov-lk.net-src.info # Reference: https://x.com/mal_analysis136/status/1889041601709977866 dirctt88.info micret.live mteron.info recred.live warecon.xyz # Reference: https://x.com/SecAI_AI/status/1890047778539061342 # Reference: https://app.validin.com/detail?find=38.60.198.71&type=ip4&ref_id=612fb65def6#tab=resolutions hilsa.online up2dts.online updatemaster.info baf.mil.bd.hilsa.online bd.hilsa.online email.moitt.gov.pk.hilsa.online emails.moitt.gov.pk.hilsa.online getnew.file.update.up2dts.online gov.pk.hilsa.online hillview.net.pk.hilsa.online mail-mod-gov-bd-account-data-file.netlify.app mail.baf.mil.bd.hilsa.online mail.bgb.gov.bd.up2dts.online mail.hillview.net.pk.hilsa.online mail.hilsa.online mail.mofa.gov.pk.up2dts.online mail.mofas.gov.pk.updatemaster.info mail.navy.lk.updatemaster.info mail.navy.mil.bd.up2dts.online mail.npc.gov.np.up2dts.online mail.ntc.gov.pk.hilsa.online mail.paf.gov.pk.hilsa.online mail.punjab.gov.pk.hilsa.online mail.sco.gov.pk.hilsa.online mails.baf.mil.bd.updatemaster.info mails.bcc.gov.bd.updatemaster.info mails.mofa.gov.np.updatemaster.info mails.mofa.gov.pk.updatemaster.info mails.navy.mil.bd.updatemaster.info mails.nepal.gov.np.updatemaster.info mails.ntc.net.pk.hilsa.online mails.paf.gov.pk.hilsa.online mails.pmo.gov.pk.hilsa.online mil.bd.hilsa.online mofa.gov.np.updatemaster.info moitt.gov.pk.hilsa.online net.pk.hilsa.online ntc.gov.pk.hilsa.online ntc.net.pk.hilsa.online paf.gov.pk.hilsa.online pk.hilsa.online pmo.gov.pk.hilsa.online punjab.gov.pk.hilsa.online sco.gov.pk.hilsa.online view.full.pdf.file.up2dts.online # Reference: https://x.com/Malwar3Ninja/status/1890393003207843897 # Reference: https://www.virustotal.com/gui/file/866f2112ee7e2553b0db0e931dd14f18515020ebc5985d91f6c96f1fce24a56c/detection dopm.gov.np.totheeverest.com gov.bd.account.login.sessions.webmailarmy.com gov.np.farwestkhabar.com gov.np.namlo.com.np gov.np.totheeverest.com gov.np.unsilk.com gov.np.webproxy.to ims.sudurpashchim.gov.np.farwestkhabar.com mail-navy-mil-bd-modern-email-inbox-messages.webmailarmy.com mail.bgb.gov.bd.account.modern.sessions.webmailarmy.com mail.cao.gov.bd.account.login.sessions.webmailarmy.com mail.mod.gov.bd.account.login.sessions.webmailarmy.com mhealth.dopm.gov.np.totheeverest.com ov.bd.account.modern.sessions.webmailarmy.com psdph.dopm.gov.np.totheeverest.com see.gov.np.unsilk.com snnp.gov.np.namlo.com.np vaccine.moha.gov.np.webproxy.to vaccine.mohp.gov.np.webproxy.to webmailarmy.com # Reference: https://x.com/mal_analysis136/status/1890729450792268024 nbppakistan.com github.nbppakistan.com api.nbppakistan.com collector.nbppakistan.com # Reference: https://x.com/suyog41/status/1891372873496834115 # Reference: https://www.virustotal.com/gui/file/96d429d67a2663ef2cf3f45ccd0619adf0cd030f7fe70f072af1ce1d67ec52a3/detection live-co.org data-sob-gov-bd.live-co.org mod-gov-bd.live-co.org mofa-gov-bd.live-co.org pubad-gov-lk.live-co.org # Reference: https://x.com/__0XYC__/status/1893503792827527388 # Reference: https://www.virustotal.com/gui/ip-address/202.142.177.150/detection viewdoc.online gov.pk.viewdoc.online moitt.gov.pk.viewdoc.online ntc.gov.pk.viewdoc.online paf.gov.pk.viewdoc.online pof.gov.pk.viewdoc.online sco.gov.pk.viewdoc.online email.moitt.gov.pk.viewdoc.online email.ntc.gov.pk.viewdoc.online email.paf.gov.pk.viewdoc.online email.pof.gov.pk.viewdoc.online email.sco.gov.pk.viewdoc.online # Reference: https://x.com/wa1Ile/status/1893896154825294224 # Reference: https://www.virustotal.com/gui/file/1527cf10f00c798262b3347c00af8028fee3bc88a450bc2df7766b1118c62cd5/detection milqq.info jtops.milqq.info # Reference: https://x.com/suyog41/status/1895090090650784157 # Reference: https://x.com/suyog41/status/1895440300421881953 # Reference: https://www.virustotal.com/gui/file/a61335c10cf98064761806af6451b3cddd66641ccb35a6d8b915a02d6279f46a/detection # Reference: https://www.virustotal.com/gui/file/74111c9b0ed748fc6bfc025d13a2ed08663b988cb69c044f1c6f153f9020294c/detection dwnlld.info cabinet-gov-bd.dwnlld.info fa-gov-lk.dwnlld.info infomfa-gov-lk.dwnlld.info mfa-gov-lk.dwnlld.info mofa-gov-bd.dwnlld.info prison-gov-bd.dwnlld.info www-cbsl-gov-lk.dwnlld.info # Reference: https://www.virustotal.com/gui/ip-address/198.54.120.24/relations mofa-govlk.org lk.mofa-govlk.org mod.mofa-govlk.org presidentsoffice.mofa-govlk.org pubad.mofa-govlk.org sob.mofa-govlk.org gov.lk.mofa-govlk.org mfa.gov.lk.mofa-govlk.org # Reference: https://www.virustotal.com/gui/domain/mfa-gov-al.com/relations mfa-gov-al.com mfa-gov-cy.online # Reference: https://www.virustotal.com/gui/ip-address/139.84.131.91/relations mfa-gov-cy.info # Reference: https://x.com/__0XYC__/status/1896843819838251335 ntc.net.pk.bismi.pro mail.ntc.net.pk.bismi.pro # Reference: https://x.com/mal_analysis136/status/1897314313720983686 bismi.pro vpdf.online # Reference: https://x.com/blackorbird/status/1897618982384873643 # Reference: https://www.virustotal.com/gui/ip-address/185.235.138.29/relations d0wnlaod.org modp-gov-pk.d0wnlaod.org # Reference: https://securelist.com/sidewinder-apt-updates-its-toolset-and-targets-nuclear-sector/115847/ aliyum.email crontec.site d0wnlaod.com debcon.live defencearmy.pro depo-govpk.com dirctt888.com directt88.com documentviewer.info dowmloade.org downl0ad.org file-dwnld.org mevron.tech mod-kh.info modpak-info.services modpak.info ms-office.pro pncert.info veorey.live zeltech.live ziptec.info dgtk.depo-govpk.com # Reference: https://x.com/salmanvsf/status/1901922280508469555 # Reference: https://x.com/suyog41/status/1902321493520064582 # Reference: https://www.virustotal.com/gui/file/9b76d98c2641512c66e8f2f99b2d0bda86ec1a4809420b74feadfb8f4f7dbf48/detection # Reference: https://www.virustotal.com/gui/file/5b5a1833d4daaf05699a009316a4d866851130b258f424f066b867a534ba944d/detection nic-svc.net cabinet-gov-bd.nic-svc.net www-erd-gov-lk.nic-svc.net www-treasury-gov-lk.nic-svc.net # Reference: https://x.com/ShadowChasing1/status/1902203302315749870 # Reference: https://x.com/suyog41/status/1901879336480989522 # Reference: https://www.virustotal.com/gui/file/1815d9aa261c60dde4abe3d8beea19496a9295775d8824087744276fb18a23e0/detection # Reference: https://www.virustotal.com/gui/file/341a21538b90c87b40e150967519a695f2c339befde232e2f3cd85caf6885803/behavior adobeglobal.com cadetcollege.adobeglobal.com latestupdate.adobeglobal.com livestreaming.adobeglobal.com # Reference: https://x.com/ThreatBookLabs/status/1902740067703202129 # Reference: https://x.com/suyog41/status/1914624962876596333 # Reference: https://www.virustotal.com/gui/ip-address/2.58.14.27/relations # Reference: https://www.virustotal.com/gui/file/f464ad5c6aba13b42aa903bda0add7c074d45388da379747c83f2c3756c9b658/detection org-liv.net cabinet-gov-bd.org-liv.net cirt-gov-bd.org-liv.net mail-mofa-gov.org-liv.net mofa-gov-np.org-liv.net pubad-gov-lk.org-liv.net # Reference: https://x.com/blackorbird/status/1902694151847850310 # Reference: https://www.virustotal.com/gui/ip-address/5.255.100.151/relations nrdi-gov.com afdtrg.nrdi-gov.com slpa-lk.nrdi-gov.com # Reference: https://x.com/mal_analysis136/status/1903400504925028535 # Reference: https://www.virustotal.com/gui/ip-address/5.255.120.103/relations # Reference: https://en.fofa.info/result?qbase64=amFybT0iMmFkMmFkMDAwMmFkMmFkMjJjNDJkNDJkMDAwMDAwOGE1OTQxYzEzZjY3ZTBjMGEyYzhhMzZiZmVlZjY5MjAiICYmIGJhbm5lcj0iSFRUUC8xLjEgNDA0IE5vdCBGb3VuZCIgJiYgYmFubmVyPSJTZXJ2ZXI6IG5naW54IiAmJiBiYW5uZXI9IkNvbnRlbnQtVHlwZTogdGV4dC9odG1sIiAmJiBiYW5uZXI9IkNvbm5lY3Rpb246IGtlZXAtYWxpdmUiICYmIGFzbj0iNjA0MDQiICYmIHNlcnZlcj09Im5naW54Ig%3D%3D (# 2025-03-22) ntcpk.co paletec.live sinantion.com circulars.ntcpk.co # Reference: https://x.com/mal_analysis136/status/1903410777085948009 # Reference: https://en.fofa.info/result?qbase64=amFybT0iMjFkMTlkMDAwMjFkMjFkMjFjMjFkMTlkMjFkMjFkZGRjNzVlYThiYjA1MzEzNGU3NDc4ZTAwNGQwM2ZmNjUiICYmIGhlYWRlcj0iSFRUUC8xLjEgNDA0IE5vdCBGb3VuZCIgJiYgaGVhZGVyPSJDb25uZWN0aW9uOiBjbG9zZSIgJiYgaGVhZGVyPSJDb250ZW50LVR5cGU6IHRleHQvaHRtbCIgJiYgaGVhZGVyPSJTZXJ2ZXI6IG5naW54IiAmJiBhc249IjU5NzExIg%3D%3D&page=1&page_size=10 (# 2025-03-22) mail126.live pncert.pro roncez.tech sercoten.info # Reference: https://x.com/Cyberteam008/status/1904701843927863409 # Reference: https://en.fofa.info/result?qbase64=ZmlkPSJhRnJ1NVZDRW1PWWN2KzlIVUczU3J3PT0i (# 2025-03-26) 0ultook.live acenent.site aliyumm.pro appcrew.info ateows.info baatube.com bdnews.info buzsep.info cespkom.info ciamat.info csd-pk.online d0ownload.com doc-downlod.com downnload.net ecility.xyz encetion.live ereribe.tech estsaln.site ex1.mov fx1.live inporta.org install-manager.com kaleido.moe krontab.info krotab.info letcrip.xyz limkdin.com luckjav.com mainet.info maroos.live moragovt.net navy-support.org nolotion.info nrtc-support.com ntc-net.com ntc-pak.org ostcone.site p1x.live pareing.info pl1.mov pn0fficial.info porket.info reasoen.org recovar.org ritenoc.live senine.info superback.space tchgin.site tolera.live updotes.co vinver.live winger.live y1x.org zeanos.live # Reference: https://x.com/__0XYC__/status/1907321547326661055 # Reference: https://x.com/__0XYC__/status/1917099175331959296 # Reference: https://app.validin.com/detail?find=209.74.80.196&type=ip4&ref_id=aed6130bdda#tab=host_pairs # Reference: https://www.virustotal.com/gui/file/2ab8d52677ebc2517c79979246e69ed9bd88b2c40170b3061cd49007c1f6fef4/detection # Reference: https://www.virustotal.com/gui/file/a928c417df15814ebee6434742bfec78cf35fcdc61c871a2f07ce4d7a2a13e3d/detection islamabadpk.site kptkp.online pkcert.news pkcert.report slpa.news moma.islamabadpk.site moma.kptkp.online # Reference: https://x.com/suyog41/status/1909121702707048705 # Reference: https://www.virustotal.com/gui/file/69eee36642f274c724fadcfdf1f103ae0fd9b5f4bad7ac6a33b3c627d6114426/detection net-co.info customs-gov-lk.net-co.info postmaster.net-co.info www-customs-gov-lk.net-co.info # Reference: https://x.com/__0XYC__/status/1909926129340965172 it-pakistan-gov-pk.workers.dev support.it-pakistan-gov-pk.workers.dev # Reference: https://x.com/spontiroli/status/1912850014520463442 # Reference: https://www.virustotal.com/gui/file/7363887b6b0fe7cece3c21ad18515835922379c7d78c47cea745940a1061a6c4/detection info-lanka.org modltr.info-lanka.org # Reference: https://x.com/suyog41/status/1914565910607880350 # Reference: https://app.validin.com/detail?find=2.58.15.89&type=ip4&ref_id=227c9fab6be#tab=resolutions # Reference: https://www.virustotal.com/gui/file/63f5445527c47e17b71e87eef4dd7a86883607a22830bcee5b1fabc5d03bab38/detection mfa-qov.com updates-installer.store pimec-paknavy.updates-installer.store analytic.mfa-qov.com rnail.mfa-qov.com superset.mfa-qov.com # Reference: https://www.virustotal.com/gui/ip-address/2.58.15.76/relations mofa-qov.com rnail.mofa-qov.com # Reference: https://www.virustotal.com/gui/ip-address/2.58.15.42/relations compnetworkservices.ddns.net maildefence.myftp.org office365-server.ddns.net # Reference: https://x.com/volrant136/status/1916037219770634729 # Reference: https://www.virustotal.com/gui/ip-address/2.58.15.183/relations botcel.info # Reference: https://x.com/volrant136/status/1916593879983571354 govtpk.co beoe.govtpk.co # Reference: https://x.com/volrant136/status/1919123011107451280 gov.pk-mail.co pkcert-arbeitssicherheit.de pkcert.com pkcert.live pkcert.net pkcert.org pkcert.gov.pk-mail.co # Reference: https://x.com/suyog41/status/1919279981105992119 # Reference: https://www.virustotal.com/gui/ip-address/109.70.236.126/relations # Reference: https://www.virustotal.com/gui/file/57b9744b30903c7741e9966882815e1467be1115cbd6798ad4bfb3d334d3523d/detection army-govbd.info advisory.army-govbd.info amended.army-govbd.info emv1.army-govbd.info geninstr.army-govbd.info mail.army-govbd.info # Reference: https://x.com/Glacius_/status/1919444379971821617 # Reference: https://www.virustotal.com/gui/file/1955c6914097477d5141f720c9e8fa44b4fe189e854da298d85090cbc338b35a/detection mod-gov-bd.dwnlld.info pc-gov-pk.downnload.net # Reference: https://x.com/suyog41/status/1920014750643007950 # Reference: https://www.virustotal.com/gui/ip-address/193.42.39.217/relations # Reference: https://www.virustotal.com/gui/file/558de2a01fbd76be171561c3c82fd6a8e2d4c913444850af99d44a4cfb41b680/detection # Reference: https://www.virustotal.com/gui/file/725ded50e7f517addd12f029aeaf9a23f2b9ce6239b98820c8a12ea5cb79dbfa/detection # Reference: https://www.virustotal.com/gui/file/b6b98197133a19a20ef64d6206e4b0e98d8d9db00d66a643577f5d55e00ea58d/detection dwnlld.com mod-gov-bd.dwnlld.com mofa-gov-np.dwnlld.com mofa-gov-pk.dwnlld.com mopa-gov-bd.dwnlld.com www-cbsl-gov-lk.dwnlld.com www-presidentsoffice-gov-lk.dwnlld.com # Reference: https://www.virustotal.com/gui/ip-address/85.239.55.124/relations net-co.live cabinet-gov-pk.net-co.live # Reference: https://x.com/suyog41/status/1920723276243894501 # Reference: https://www.virustotal.com/gui/file/85afc5d78392be685ae84f4391aa4e7ea11bb44eb92a3d94a0329a963abf8932/detection # Reference: https://www.virustotal.com/gui/file/8e37838066f5e02e01aa5bf7cfc12f74ed18473d017f00441f57e22e64497c88/detection # Reference: https://www.virustotal.com/gui/file/29f36deedf252bcc1f51882c8f071c9aa128ba7f8acd8dd21d4e2800eb440905/detection # Reference: https://www.virustotal.com/gui/file/1f7873ffa104f80e306b60d00854849b905beaaccb99ab4505146553f4c7e847/detection army-lk.com dsf.army-lk.com dteofmediapsyops.army-lk.com # Reference: https://x.com/suyog41/status/1922211946847228187 # Reference: https://x.com/suyog41/status/1922258775567712490 # Reference: https://www.virustotal.com/gui/file/56ce6048c13a0742f2a00bd75135784a3135c089518d6786242424e5fcb52161/detection # Reference: https://www.virustotal.com/gui/file/01afb99be9f3077b9ebd80f0e67e99a5a0162ba1fa4f7e9285154c78389c206c/detection # Reference: https://www.virustotal.com/gui/file/fdb90737709a989f8d8f1df4d02e9eae2eb6299dc1a9ee55c62ed2eeb6f54cda/detection # Reference: https://www.virustotal.com/gui/file/974e7115f257c4c47a8c12c468f29888cbc31a37504a033dd34aa5190c3381ca/detection # Reference: https://www.virustotal.com/gui/file/08b273a27150fdb1a84f922ffcf55da614b29c149d1c96873aced3f9547e6365/detection nepalarmy-milnp.info cybersecurity.nepalarmy-milnp.info dtecyber.nepalarmy-milnp.info # Reference: https://x.com/suyog41/status/1922225245680721992 # Reference: https://www.virustotal.com/gui/ip-address/5.230.37.44/relations # Reference: https://www.virustotal.com/gui/file/162a1efb479cc29e8f007168386ff4d6e441c46827e00751c56ff5e389a30d37/detection file-dwnld.net interior-gov-pk.file-dwnld.net mofa-gov-bd.file-dwnld.net pmo-gov-pk.file-dwnld.net # Reference: https://x.com/volrant136/status/1922300186526638477 gov-pk.pk cons.gov-pk.pk consmofa.gov-pk.pk mail.gov-pk.pk school.gov-pk.pk # Reference: https://x.com/volrant136/status/1922332480503181486 # Reference: https://www.virustotal.com/gui/ip-address/93.190.143.108/relations goov.pk visa-nadra-gov-pk.pk # Reference: https://x.com/volrant136/status/1923061758643597787 g0vt.pk pk-hhq.cc pk-hq.cc pk-hq.us pk-hqr.co pk-hqr.online pk-ht.pk gov.pk-hhq.cc gov.pk-hq.cc gov.pk-hq.us gov.pk-hqr.co gov.pk-hqr.online gov.pk-ht.pk # Reference: https://x.com/volrant136/status/1923403903262986410 ducane.info l1kdine.com # Reference: https://www.virustotal.com/gui/ip-address/80.251.18.108/relations file-downlod.org songlong88.net # Reference: https://x.com/volrant136/status/1925229593897709961 cons-mofa-gov-pk-hqr-1777839.online # Reference: https://x.com/volrant136/status/1925581298782941625 # Reference: https://www.virustotal.com/gui/ip-address/47.236.12.192/relations mod-gov-bd.info # Reference: https://www.acronis.com/en-us/cyber-protection-center/posts/from-banks-to-battalions-sidewinders-attacks-on-south-asias-public-sector/ 6441056b613c32a9.dwnlld.info 7ef1996f-c463-4540-936a-70d0fd477f98.live-co.org a5936441-e402-41e3-b02b-75af112074b5.org-co.net advisary.army-govbd.info bscic-gov-bd.dwnlld.info dirsports.milqq.info dwnlld.infomfa-gov-lk.dwnlld.info esxipubad-gov-lk.org-co.net hisidewindersidewinder.pimec-paknavy.updates-installer.store lolsidewindersidewinder.nic-svc.net mail.ntc.net.pk.onlinestatus.live mail.ntc.net.pk.vpdf.online mail.paf.gov.pk.onlinestatus.live mod-gov-bd.org-liv.net mof-gov-bd.nic-svc.net mof-gov-np.dwnlld.info mofa-gov-np.live-co.org mofa-gov-np.net-src.info moitt-gov-pk.dwnlld.info probashi-gov-bd.mail-govt.org probashi-gov-bd.net-src.info wnic-svc.net www-cbsl-gov-lk.dwnlld.infomfa-gov-lk.dwnlld.info www-erd-gov-lk.dwnlld.info www-presidentsoffice-gov-lk.dwnlld.com www-treasury-gov-lk.org-liv.net xcfhg.dwnlld.info # Reference: https://x.com/suyog41/status/1925828628517921245 # Reference: https://www.virustotal.com/gui/file/b7a703096c719d8c70f7ce8f586ed83d50975982c83c5bf48e6faff626c6bdee/detection net-src.org mod-gov-bd.net-src.org pmo-gov-pk.net-src.org # Reference: https://x.com/TLP_R3D/status/1926147062552223856 # Reference: https://x.com/volrant136/status/1926301843916734747 http://185.159.128.117 http://31.58.137.246 http://31.15.17.230 http://46.8.226.5 185.159.128.117:443 31.58.137.246:443 31.15.17.230:443 46.8.226.5:443 acfinang.shop anefank.mom asfinnagg.shop asfrimag.mom asfrimamg.mom eairr.mom eneralbqark.shop ier-modile.shop # Reference: https://x.com/volrant136/status/1926564282252120128 mfagov.info mfagov.net # Reference: https://x.com/volrant136/status/1926559917101494717 paknavy.info # Reference: https://www.virustotal.com/gui/ip-address/62.72.22.91/relations # Reference: https://www.virustotal.com/gui/ip-address/92.113.21.70/relations gbpay.gov.pk pmrugb.gov.pk gbpay.pmrugb.gov.pk test.gbpay.gov.pk # Reference: https://x.com/volrant136/status/1927753865471918171 consmofa-gov-pk.com gov-pk.com spfc-punjab-gov-pk.com armslicensekpk.gov-pk.com dlimspunjab.gov-pk.com dlimssindh.gov-pk.com fbr.gov-pk.com licenseinterior.gov-pk.com mail.gov-pk.com ministryofinteriorlicense.gov-pk.com ministryofinteriorpermit.gov-pk.com nadra.gov-pk.com pakvisanadra.gov-pk.com permitinterior.gov-pk.com permitsinteriors-gov-pk.com ptpkp.gov-pk.com punjabpolice.gov-pk.com scandalsofallovertheworld.gov-pk.com # Reference: https://x.com/suyog41/status/1927704786981224607 # Reference: https://www.virustotal.com/gui/ip-address/46.30.189.18/relations # Reference: https://www.virustotal.com/gui/file/dec609e4b53e1b9b5fd9ec72f2c012324b25e9eb0539b0d454e89c4bd2e3bd5c/detection ndma-govpk.co advisory.ndma-govpk.co confidential.ndma-govpk.co # Reference: https://www.virustotal.com/gui/ip-address/34.216.117.25/relations ndma-govpak.org # Reference: https://x.com/malwrhunterteam/status/1928777698526044415 # Reference: https://x.com/volrant136/status/1928856220292571240 # Reference: https://x.com/volrant136/status/1928905494892003331 47.236.177.123:9090 boundschain.workers.dev themegaprovider.ddns.net blue-term-c168.gov-pkgov.workers.dev restless-brook-f09b.boundschain.workers.dev # Reference: https://app.validin.com/lookalikes?limit=1000&lookback=90&depth=0&find=pmo-gov-pk (# 2025-06-11) pbm-gov-pk.ignitebiz.de pqa-gov-pk.workers.dev pta-gov-pk.workers.dev # Reference: https://x.com/suyog41/status/1934520152726413764 # Reference: https://www.virustotal.com/gui/file/2aec3dcec0274b498bd5e6996a7ff835980953485f5a96f105bfa8f4eceda98a/detection # Reference: https://www.virustotal.com/gui/file/cfc62931fafc8e73986d80743215e6d3a4c345c387c2654c3a42968906811f4d/detection # Reference: https://www.virustotal.com/gui/file/a5f3bffd4adbbc344d1b81c7673d6b037713da07baa4b0a0838780436d182946/detection # Reference: https://www.virustotal.com/gui/file/9a2ccd6340020c3f4b5ebbdba16b260fd2869e37c43a7a01fcfa17f2d4438f25/detection downld.org mod-gov-bd.downld.org mofa-gov-bd.downld.org mofa-gov-np.downld.org pubad-gov-lk.downld.org www-erd-gov-lk.downld.org www-treasury-gov-lk.downld.org # Misc. cb-govt.com ik-gost.ru pakgovt.online pakgovt.site pk-go.net pk-gods.com pk-post.top pk-soft.online pkgovk.info pm-gov.cloud ptgovt.top ptt-govt.blog ptt-govt.ink ptt-govt.lat pttgovt.bond pygovt.com uk-gov.cyou uk-gov.icu uk-gov.qpon uk-gova.today