Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Maltrail IOC for 2026-07-12

0
Medium
Published: 07/11/2026 (07/11/2026, 00:00:00 UTC)
Source: CIRCL OSINT Feed

Description

This entry reports an Indicator of Compromise (IOC) related to malware activity identified by Maltrail on 2026-07-12. The IOC is associated with the APT group known as Sidewinder and includes multiple URLs and domains linked to malicious infrastructure. No specific software versions are affected, and no patch or fix is available. The threat is assessed as medium severity based on the provided information.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/12/2026, 12:00:55 UTC

Technical Analysis

The report details a set of IOCs related to malware attributed to the APT Sidewinder group, collected and shared via the CIRCL OSINT Feed. The indicators include URLs to GitHub commits, VirusTotal detections, social media posts, and numerous suspicious domains primarily under the 'download-msoffice.com' domain and related subdomains. These indicators are intended for detection and blocking purposes rather than describing a vulnerability or exploit. There is no associated CVE or known exploit in the wild. The threat is categorized as medium risk based on observed network activity and external analysis.

Potential Impact

The impact involves potential compromise or malicious activity linked to the identified domains and URLs used by the APT Sidewinder group. There is no direct vulnerability or exploit described, so the impact is limited to detection and prevention of malware-related network activity. No known ransomware campaigns or exploits in the wild are reported.

Mitigation Recommendations

No patch or official remediation is available or applicable since this is an IOC report rather than a software vulnerability. Security teams should use the provided indicators to update detection and blocking mechanisms such as IDS/IPS, firewalls, and endpoint protection systems to identify and prevent connections to the listed malicious domains and URLs. Regular threat intelligence updates and monitoring for related activity are recommended.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Uuid
d17ccdfc-4453-4176-a88b-9e71e060d66f
Original Timestamp
1783810807

Indicators of Compromise

Url

ValueDescriptionCopy
urlhttps://api.github.com/repos/stamparm/maltrail/commits/62bcccbdb75b98a64c49f74282b0942f4661fb2a
apt_sidewinder
urlhttps://x.com/suyog41/status/2075572390315311333
apt_sidewinder
urlhttps://www.virustotal.com/gui/file/372226c831de35186e1c96ec28c9ca8ceb02d69c9fe718e21d35b2e921ccf1de/detection
apt_sidewinder
urlhttps://www.virustotal.com/gui/file/5ef25d162827195f2fbdc80fd5c6d119ff41dd16f980692a8c4308465d88c554/detection
apt_sidewinder
urlhttps://x.com/volrant136/status/2076012175685287991
apt_sidewinder

Domain

ValueDescriptionCopy
domaindownload-msoffice.com
apt_sidewinder
domainbdnavy.download-msoffice.com
apt_sidewinder
domaincabinet-division-gov-pk.download-msoffice.com
apt_sidewinder
domainceh.download-msoffice.com
apt_sidewinder
domaindocx2a2e3e78e76bcc759905da3f1532a4b8c2word.download-msoffice.com
apt_sidewinder
domainmm.download-msoffice.com
apt_sidewinder
domainportmin.download-msoffice.com
apt_sidewinder
domaintraining.docx2a2e3e78e76bcc759905da3f1532a4b8c2word.download-msoffice.com
apt_sidewinder
domainword.download-msoffice.com
apt_sidewinder
domainmail-bcc-gov-bd.vercel.app
apt_sidewinder

Threat ID: 6a5381ee68715ace430490e3

Added to database: 07/12/2026, 12:00:46 UTC

Last enriched: 07/12/2026, 12:00:55 UTC

Last updated: 07/12/2026, 16:27:38 UTC

Views: 12

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses