IOC—ShadowSilk: A Cross-Border Binary Union for Data Exfiltration
In the fall of 2024, Group-IB analysts discovered a series of attacks that targeted government organizations of countries within the Central Asia and Asia-Pacific region. Group-IB's initial assessment revealed that the attacks have been ongoing since 2023 and remained active as of July 2025, based on the activity in the threat actor-controlled infrastructure.
Indicators of Compromise (77)