Pulse Detail — Threat Intelligence

PULSE NAME

An Investigation Into Years of Undetected Operations Targeting High-Value Sectors

WHITE CL-UNK-1068 AlienVault 2026-03-06 Modified: 2026-04-05

IOCs

MEDIUM VOLUME

Since 2020, a Chinese threat actor dubbed CL-UNK-1068 has been targeting high-value organizations across South, Southeast and East Asia, focusing on critical sectors like aviation, energy, government, and telecommunications. The group employs a diverse toolkit including custom malware, modified open-source utilities, and living-off-the-land binaries to maintain stealthy persistence. Their techniques involve web shell deployment, DLL side-loading attacks, and credential theft. The attackers exfiltrate sensitive data, including configuration files and database backups. While primarily assessed as an espionage operation, cybercriminal motivations cannot be fully ruled out. The activity demonstrates sophisticated cross-platform capabilities, targeting both Windows and Linux environments.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1033 T1003 T1069 T1082 T1021.002 T1505.003 T1016 T1087 T1059 T1083 T1049 T1057 T1078 T1012 T1136 T1046 T1518 T1574.002 T1021.001

MALWARE FAMILIES

GodZilla AntSword Xnote Fast Reverse Proxy ScanPortPlus SuperDump Sliver

Indicators of Compromise (44)

All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256

TYPE	INDICATOR	DESCRIPTION	CREATED
CVE	CVE-2021-4034	—	2026-03-06
CVE	CVE-2023-34048	—	2026-03-06
CVE	CVE-2026-0628	—	2026-03-06
FileHash-MD5	0579c97136b75a3a60423af72f5d0ab1	—	2026-03-06
FileHash-MD5	153de64a0649787191367d65727db9e5	—	2026-03-06
FileHash-MD5	19d0db9625256adfc1068de9f5c4ad12	—	2026-03-06
FileHash-MD5	30833ab8ac0c794a3806dbe7c94eaddd	—	2026-03-06
FileHash-MD5	bb49d3ff670c3583955d2732ba7d78e0	—	2026-03-06
FileHash-MD5	e1cdaa62c9def1e02d46dfa061b96ec5	—	2026-03-06
FileHash-SHA1	02b0cac600171ad9b7e691def9683dbbccdfe7fc	—	2026-03-06
FileHash-SHA1	1595c9aac94dbf845e4e9c1cd10c5b06638450f7	—	2026-03-06
FileHash-SHA1	715558e5f1900c65e41b9968b75ba11143f73d86	—	2026-03-06
FileHash-SHA1	c41df1851ea7edf8115ddf59e53af8d9763fac0d	—	2026-03-06
FileHash-SHA1	ddaed290b7f0838b5547d4e082b9f9c0145fda77	—	2026-03-06
FileHash-SHA1	f3a0a2bd2c3665b5973bd629bd55e270657ae030	—	2026-03-06
FileHash-SHA256	082a55731f972cd15e103104229a68175a8c59a52bae05daa8ed4302df7c2dec	—	2026-03-06
FileHash-SHA256	0c7db12ec29f333bf5f53dc5c73ec446b2265fca3aad5144c3569409e15123cb	—	2026-03-06
FileHash-SHA256	0d03934eb181c2befbc5341208c4eb8f939e00382ac632216397b8210225c937	—	2026-03-06
FileHash-SHA256	26483f0886078cc9f5f9912d3ffce1301e297b435920ab1c86c9107bbdce4db2	—	2026-03-06
FileHash-SHA256	3b2b6a3ee023dfa168f257b292a28f5fbdbacb5aa2250e1efb36e650529db1b5	—	2026-03-06
FileHash-SHA256	3e698c85660e2c012b3db7f47ca3f2b1af2b6b0e0a0d2bdb7903f91cf9d31732	—	2026-03-06
FileHash-SHA256	524734501be19e9ed1bfab304b0622a2263a4f9e3db0971f3fae93f7e7369c20	—	2026-03-06
FileHash-SHA256	52c817465a56ccd0fb4e914a3274a9e9a93e872583e6239bc6461e4f3e40c567	—	2026-03-06
FileHash-SHA256	5c986203242e2ed25458b0606ee7be57070f6d66b7472b453d92b1b6786443bd	—	2026-03-06
FileHash-SHA256	6ddbfd3a96834087501f0c9415a925cafdb92cb8ff34685f138833b4795416d6	—	2026-03-06
FileHash-SHA256	8a3345f0d8f1a7d78ea485ae11358cf2ae3d51cb7975524d6d67ba05a08a37ea	—	2026-03-06
FileHash-SHA256	8d3907d56b1dd1609053cb55dd66f33499e1ea091133df76d8fe6f08f25f37b2	—	2026-03-06
FileHash-SHA256	96f52e4666aa8df67f8d7d00a523cd25e11402108157156775603b3d9514925c	—	2026-03-06
FileHash-SHA256	99bd09e1c500866b2b809fd9170f1b8b7e120da21a1f2eed6165fcf81bf519b7	—	2026-03-06
FileHash-SHA256	b87cee18720c176c1972cf5c74e3c09877177e0c49c34a04b910bb3c70839b71	—	2026-03-06
FileHash-SHA256	c880936ba0ca153719c2cca33c1925a9480d28abc88cf4daa02f34cc8cc1c9e5	—	2026-03-06
FileHash-SHA256	cdb90179188a142d24147edcb72be8b574fac4f6833fff15a6ee803754dec0c0	—	2026-03-06
FileHash-SHA256	ce20c033dcadf17d9cca325869f946efdd82ab0756fa56e262b6f573252d457c	—	2026-03-06
FileHash-SHA256	cfcbb3014ecc560ba36103213b36fc62d6b0ef22c49067ff0d860fd7253a7c94	—	2026-03-06
FileHash-SHA256	cfdcbc553bc7464aedfb6758b0a38acc78d9537eabe9717e60ab0d8d3b355225	—	2026-03-06
FileHash-SHA256	d6ed94589b0e6a7c3e1a6052e18f3962ca78c385c78036972d5ea72c07a5772c	—	2026-03-06
FileHash-SHA256	d8378cf105146217e6ded438187c4ea0edcadb6cf27f5eeddda3fd80cce76d72	—	2026-03-06
FileHash-SHA256	e1ff808321ce952384b7fff720584c48ec0fd36480d6bc9ac0d5db036102c368	—	2026-03-06
FileHash-SHA256	e9541e8afa502e13c18734756270b10e3c07f1071283387e63c8f8b0ba591343	—	2026-03-06
FileHash-SHA256	edc0287da3c6bb62a7b2fd3949be5688628fc0e893b5822bd5734a63c39f7ab1	—	2026-03-06
FileHash-SHA256	f6ac9e5e76bc9daf4772c5be43c9eac1d2611caafd49fac70bbb8eebfa4781ac	—	2026-03-06
FileHash-SHA256	f710dc61c2edc85841fd733a17b7977dfb889d6476c59bb3c54a5b2fd393ac13	—	2026-03-06
FileHash-SHA256	f7c73b1ac9aff545b184ec7121f2bc706c5064dc3c17f59e9a39469031bf2ef6	—	2026-03-06
FileHash-SHA256	fb9400d763a009b3bd2b9468410e0c69ee8a4f58400e532f086cef749422210d	—	2026-03-06

References (1)

↗ https://unit42.paloaltonetworks.com/cl-unk-1068-targets-critical-sectors/