Pulse Detail — Threat Intelligence

PULSE NAME

ShadowSilk: A Cross-Border Binary Union for Data Exfiltration.

WHITE PetrP.73 2025-08-28 Modified: 2025-09-27

IOCs

HIGH VOLUME

The group known as ShadowSilk has been identified as a cyber threat actor targeting government entities primarily in Central Asia and the Asia-Pacific (APAC) region since at least 2023, with ongoing activities detected through July 2025. ShadowSilk is connected to another group, YoroTrooper, sharing infrastructure and tools while operating as a distinct threat cluster. Analysis indicates that ShadowSilk's operations prioritize data exfiltration, having compromised over 35 victims mostly within the government sector. Technical assessments reveal that ShadowSilk employs a sophisticated arsenal, including public exploits, penetration-testing tools, and web panels acquired from dark web forums. These panels enable attackers to manage infected devices, upload files, and execute malicious code. Key elements of their toolkit include a web panel named Panel JLIB,

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1003 T1005 T1007 T1008 T1016 T1020 T1033 T1041 T1053 T1059 T1071 T1082 T1083 T1087 T1090 T1113 T1114 T1119 T1123 T1125 T1134 T1190 T1204 T1217 T1505 T1547 T1552 T1555 T1560 T1566 T1571 T1573 T1583 T1584 T1587 T1588 T1590 T1594 T1595 T1596 T1210

Indicators of Compromise (13 / 68 total)

All domain hostname FileHash-MD5 FileHash-SHA1 FileHash-SHA256

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	05436c22388ae10b4023b8b721729a33	MD5 of 4e98b193d5539bf1ded86a6ddea696288f0a1a3e	2025-08-28
FileHash-MD5	3d9e8360b665c21a8c2475e14a5ad80d	MD5 of 4d1426c0e04056396f8526a42afbb42f869db85b	2025-08-28
FileHash-MD5	3ec7ce90ed93c66a416458a5556b3e8b	MD5 of dcb2d87b51de33f6d5fe53f777ad678c0af88a68	2025-08-28
FileHash-MD5	40bc6045864be358d36547d6f9eaebba	MD5 of 0279a25ee68fc23e91a353fbcd28f71c21e691fc	2025-08-28
FileHash-MD5	4c9c25ce3901063067422a2008ea30d7	MD5 of 16bd4dc2befb4f64aaecf74818a347cd1a02c30d	2025-08-28
FileHash-MD5	4cdfdad1e4fdbf448d4001ad0f9b5763	MD5 of 84fcc10fef6409c9f50d56bf4f17070b51149841	2025-08-28
FileHash-MD5	7d9213f8f3cba4035542eff1c9dbb341	MD5 of 5e6254ebcf8ea518716c6090658b89960f425ab3	2025-08-28
FileHash-MD5	90f2ca0a38d6e5416ee2f6be6326521d	MD5 of 00bf14e8153778835f95b9255ae1658e37819f8d	2025-08-28
FileHash-MD5	97c8bad532f5ea539d0d8b93465dda15	MD5 of f385da641f2e506766a42dde81bb0fab13f845ee	2025-08-28
FileHash-MD5	b5c3016d0758ed3989bf61c2fa526dc9	MD5 of ca12e8975097d1591cda08d095d4af09b05da83f	2025-08-28
FileHash-MD5	d3799afb20d176652aa74a839716af35	MD5 of 11b0b620d0f0c4269a191d4ad9fd2042fb5e9d6c	2025-08-28
FileHash-MD5	f9a96fd4ed27e469216d3a2892705abe	MD5 of c805c64a9e22f7ae3dea79f9215c60cdf32d87b8	2025-08-28
FileHash-MD5	fba4e220a03af06a26125b3176131ba6	MD5 of d840b0b3039be6cce673e6e07da5bd5e76628434	2025-08-28