ShadowSilk: A Cross-Border Binary Union for Data Exfiltration.
WHITE PetrP.73 2025-08-28 Modified: 2025-09-27
68 IOCs
HIGH VOLUME
The group known as ShadowSilk has been identified as a cyber threat actor targeting government entities primarily in Central Asia and the Asia-Pacific (APAC) region since at least 2023, with ongoing activities detected through July 2025. ShadowSilk is connected to another group, YoroTrooper, sharing infrastructure and tools while operating as a distinct threat cluster. Analysis indicates that ShadowSilk's operations prioritize data exfiltration, having compromised over 35 victims mostly within the government sector. Technical assessments reveal that ShadowSilk employs a sophisticated arsenal, including public exploits, penetration-testing tools, and web panels acquired from dark web forums. These panels enable attackers to manage infected devices, upload files, and execute malicious code. Key elements of their toolkit include a web panel named Panel JLIB,
Indicators of Compromise (13 / 68 total)