Hi,bro Shadow Chaser Group is a sub-group of the GcowSec team which consists of college students who love it.Shadow Chaser Group is focus on #APT hunte and analysis I hope you will follow us :-)

@Huntio 4/ Similarly, by analyzing the domain over @virustotal, we have found another subdomain targeting #Pakistan Ministry of Foreign Affairs (#MOFA). mail[.]mofa[.]gov[.]pk[.]officemuwork[.]online #APT #Sidewinder

2/ The analysis of web page shows the username and password being exfiltrated to same domain on URI "/sumit" Similarly, the IP Address and Browser Details of user visiting the webpage is also captured.

3/ Furthermore, using @Huntio, a #HuntSQL query is created to find similar webpages among past 3 months. The results show one additional #APT #Sidewinder domain. http://mail[.]navy[.]mil[.]bd[.]officemuwork[.]online/swpGMooD

#APT #Sidewinder targets #Bangladesh #Navy 1/ Using @Huntio, a new Fake Zimbra Login Page found targeting Bangladesh Navy. IoC: https://mail-bcc-gov-bd-7j5la[.]bunny[.]run/ @500mk500 @MichalKoczwara @malwrhunterteam

KB국민은행 거래내역 제출 안내서.hwp.lnk 3a2ec9a8ccb085bb6f68909ca8a2819fd517e6e02b3e7fa52e30198c56f2637a https://t.co/GS5Zt7Syic #APT #Suspicious

bba114b1c16d26f032a878432d6e69dd zip d5aad3c3e1f6853fd92e95a33592e8e1 lnk C2 igamingroundtable[.]com #APT #IOC

'212th_Confirm_Minutes.chm' seen from Sri Lanka @abuse_ch https://t.co/M1jPMOZPnf @volrant136 @RedDrip7 @suyog41 Could this be Sidewinder?

给压缩包做加密处理的PatchWork组织 #APT #PatchWork

#APT #Sidewinder targets #SriLankan #Navy 4th sightings for "mailsserver-lk[.]com" - Another Webpage tracked by @Huntio URL: https://copeparliament[.]github[.]io/mails.navy.lk/ Ref: https://t.co/eJQUmkIDc6 @500mk500 @MichalKoczwara @malwrhunterteam

#APT #Patchwork used a trojan named as "ShadowAgent" communicating with the C2 server via websocket + http 1c335be51fc637b50d41533f3bef2251 f78fd7e4d92743ef6026de98291e8dee Download URL: hxxps://firebasescloudemail.com/reports/OPS-VII-SIR[.]zip C2: www.mydropboxbackup[.]com:443

Possible interesting "CC Development Document.7z": 8bbc0b45edb265a0ba51d6b017e0bc3b883382e29e70db5a52b11d1ccfeb1458

#APT #Sidewinder targets #Bangladesh Computer Council (BCC) 1/ Using @Huntio, I have tracked a webpage targeting Bangladesh using Fake #Zimbra Page. https://bccgov-bd-production[.]up[.]railway[.]app/?ioewroiewrioweroiriwwoei=1 @500mk500 @MichalKoczwara @malwrhunterteam

#Philippines Campaign PCG_124th_Anniversary_Event_Documents_Office_of_the_President_23102025-Archive.zip 8e130c2604516ccd4bcba72cc6549649 124th_Anniversary_of_the_Philippine_Coast_Guard_Event_Summary_and_Feedback_Request_Office_of_the_Appointments_Secretary_OP_23102025.pdf.lnk

#NorthKorea #Konni XX은행 송금 및 거래내역 관련 확인자료 제출 서류.zip (ee648192370dacdf2a1e9fe7deac95d1) D:\3_Attack Weapon\Autoit\Build\__Poseidon - Attack\client3.3.14.a3x igamingroundtable[.]com 109.234.36[.]135 B073WE15-D8QD-87A1-7464-CE66A8819E701

Similar Sample f6ceb2a7ae53e0b0a63fde0347bda58bf50f79e0ff8395a03d3f6bb47e3ec744

6. [UnKnown] LiveUpdate_for_GE_VERNOVA_v2.01.0001_Silent.exe -MD5:4cbcee776548fe1c5bc96b90fc9205fb 6. [UnKnown] Fasoo_DRM_Client.exe -MD5:f70ff2102bc0039df206f37b7c7f75d5 7. [UnKnown] UnKnown -MD5:f21c6b0807043722876c8fcf79930458 -MD5:c393a281f4969fa7e0223df247c1e45d

Threat Alert: #MuddyWater — Phoenix Backdoor C2 Activity Observed C2 / Compromised Hosts: support[.]micsoft[.]store fourdjecem[.]shop poundpills[.]com IP: 64[.]7[.]198[.]12 ThreatBook Intelligence: https://t.co/VIFMs5wA3G

*Fasoo CodeSign Malware* 1. [25.10.25]국내 A형간염 현황 및 예방접종 권고 대상자 안내.pdf.scr.exe -MD5:0f3e5058154de146fb3f1921c7f89952 2. [250908]A_HK이노션_SecuwaySSL VPN Manager U100S 100user_견적서.scr -MD5:d28f74a6b2dd6301f2d30f46600f6bd6 #APT #Lazarus

@Huntio 3/ However, the #sidewinder still using the same domain and C2 server to continue phishing. ref: https://t.co/tPVgs5DdjU

2/ Research on #Operation #SouthNet by @Huntio also revealed that same pages was observed at https://mailcbmgovmm[.]pages[.]dev which is now reported as phishing.