← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
SHADOW-EARTH-053 Uses Legacy Exchange Exploitation to Target Asia-Pacific Governments
The cyberespionage campaign known as SHADOW-EARTH-053 has been linked to a China-aligned threat actor. This campaign has specifically targeted government agencies, defense contractors, and critical infrastructure organizations across various countries in the Asia-Pacific region, employing a range of advanced exploitation and persistence techniques that mainly revolve around unpatched vulnerabilities in Microsoft Exchange and IIS.
MITRE ATT&CK & Malware Families
Indicators of Compromise (70)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| CVE | CVE-2017-7921 | — | 2026-05-20 | |
| CVE | CVE-2021-21974 | — | 2026-05-20 | |
| CVE | CVE-2021-26855 | — | 2026-05-20 | |
| CVE | CVE-2021-26857 | — | 2026-05-20 | |
| CVE | CVE-2021-26858 | — | 2026-05-20 | |
| CVE | CVE-2021-27065 | — | 2026-05-20 | |
| CVE | CVE-2021-33044 | — | 2026-05-20 | |
| CVE | CVE-2021-3493 | — | 2026-05-20 | |
| CVE | CVE-2021-4034 | — | 2026-05-20 | |
| CVE | CVE-2022-21894 | — | 2026-05-20 | |
| CVE | CVE-2022-26134 | — | 2026-05-20 | |
| CVE | CVE-2022-30190 | — | 2026-05-20 | |
| CVE | CVE-2022-31199 | — | 2026-05-20 | |
| CVE | CVE-2022-47986 | — | 2026-05-20 | |
| CVE | CVE-2023-1389 | — | 2026-05-20 | |
| CVE | CVE-2023-22518 | — | 2026-05-20 | |
| CVE | CVE-2023-2868 | — | 2026-05-20 | |
| CVE | CVE-2023-34362 | — | 2026-05-20 | |
| CVE | CVE-2023-36025 | — | 2026-05-20 | |
| CVE | CVE-2023-46604 | — | 2026-05-20 | |
| CVE | CVE-2024-21412 | — | 2026-05-20 | |
| CVE | CVE-2024-3400 | — | 2026-05-20 | |
| CVE | CVE-2024-40766 | — | 2026-05-20 | |
| CVE | CVE-2024-7344 | — | 2026-05-20 | |
| CVE | CVE-2025-0994 | — | 2026-05-20 | |
| CVE | CVE-2025-21042 | — | 2026-05-20 | |
| CVE | CVE-2025-3248 | — | 2026-05-20 | |
| CVE | CVE-2025-49704 | — | 2026-05-20 | |
| CVE | CVE-2025-49706 | — | 2026-05-20 | |
| CVE | CVE-2025-53770 | — | 2026-05-20 | |
| CVE | CVE-2025-53771 | — | 2026-05-20 | |
| CVE | CVE-2025-55182 | — | 2026-05-20 | |
| CVE | CVE-2026-21509 | — | 2026-05-20 | |
| FileHash-MD5 | 2616e7ec2d6c4b86a7fa1f4a762ae918 | MD5 of 23c2ebc8f9bac96b2fbbb9b00b457c48d65a9f66ec24fbfba339eeefd0539ad7 | 2026-05-20 | |
| FileHash-MD5 | 29015d3fa89c75ee576b14849133d6d9 | MD5 of e12c2682a7949661fa99bf46723a1405c658d109411de3bf6cb04c57337cc020 | 2026-05-20 | |
| FileHash-MD5 | 48370247d5c3c01474f19e172112710a | MD5 of 5bf35daaf26508fc136157818ead48cc5c7fa3a3e6273cde2c757673586a78a6 | 2026-05-20 | |
| FileHash-MD5 | 4b7a47b639a2aca7818d111ee7f23b3e | MD5 of 0c63857269205f6505c259a56ea53b23b2bf7432aabb8647d59b321232ca7e36 | 2026-05-20 | |
| FileHash-MD5 | 531da3715b1e4fc9baeaa034888ac419 | MD5 of 0eb72c1f1605d999488d903021d82a9ff4b937e6c1a1da50c55440f018e83ad9 | 2026-05-20 | |
| FileHash-MD5 | 7b2590be24290eb4b51bed2af1744b04 | MD5 of c935ded2729f0513672e261170d73d4e0e13a9b837f104d840c44a39b84c0d71 | 2026-05-20 | |
| FileHash-MD5 | 9daba43a4c2495f596555653c6fe88d2 | MD5 of f19a67b9c8805b335676f0fc17495839327f8135f791aa11d5d9adba2c83cc1c | 2026-05-20 | |
| FileHash-MD5 | a85459a1ec90a52b5c1f2f5a12bb2d10 | MD5 of 884601e54fc2e6833167d33436b68e952020cdb99507b2807feec1bc086027c2 | 2026-05-20 | |
| FileHash-MD5 | c4144edb268001595700b5f27d7d7422 | MD5 of 97ea803792929f802388e9d0e75a3c79c28260d589bc2d87902c73c729ed6f9e | 2026-05-20 | |
| FileHash-MD5 | e5b0fd04b03d92d4dfb8e50b9b9b3068 | MD5 of 41f74c3fc32752b5c7b88e7a5723441cb827958bc21b647fffae469407f1ce99 | 2026-05-20 | |
| FileHash-MD5 | efcb90de13a82c10a34e900ab91942c1 | MD5 of a65483b86847995a67de0fcb2a5487cdbc96361cb2e9dea8ab74005c8fef65ce | 2026-05-20 | |
| FileHash-MD5 | fc751b0416d4dc320eb175cea5a9e4dd | MD5 of 9dda789b85fce6294f91a79b7271a93de36dfcef21fc680dc2bf4235141e47df | 2026-05-20 | |
| FileHash-SHA1 | 2dd614427b80cdd38e8bbe0ace24a484671c0da2 | SHA1 of 0c63857269205f6505c259a56ea53b23b2bf7432aabb8647d59b321232ca7e36 | 2026-05-20 | |
| FileHash-SHA1 | 31b3dd9ee46805b0ed6e6dd6a5ee17facadfd2ff | SHA1 of a65483b86847995a67de0fcb2a5487cdbc96361cb2e9dea8ab74005c8fef65ce | 2026-05-20 | |
| FileHash-SHA1 | 3f858c007d4d49dd7fa260bcc786c34d4f78dbf5 | SHA1 of 5bf35daaf26508fc136157818ead48cc5c7fa3a3e6273cde2c757673586a78a6 | 2026-05-20 | |
| FileHash-SHA1 | 4541e55b70ca12ae4a79e38c0b4c31f067eb5cdc | SHA1 of 97ea803792929f802388e9d0e75a3c79c28260d589bc2d87902c73c729ed6f9e | 2026-05-20 | |
| FileHash-SHA1 | 4ed658583208dcc524e58231382d2ae23961b522 | SHA1 of c935ded2729f0513672e261170d73d4e0e13a9b837f104d840c44a39b84c0d71 | 2026-05-20 | |
| FileHash-SHA1 | 824f13f758ce278f72a4aeaf1e15a703d5107dd7 | SHA1 of f19a67b9c8805b335676f0fc17495839327f8135f791aa11d5d9adba2c83cc1c | 2026-05-20 | |
| FileHash-SHA1 | 861a686461ad830b268977808ba56730616c7684 | SHA1 of 0eb72c1f1605d999488d903021d82a9ff4b937e6c1a1da50c55440f018e83ad9 | 2026-05-20 | |
| FileHash-SHA1 | 95015643ecb3ba321b8cff8eca2907e5356e8659 | SHA1 of 884601e54fc2e6833167d33436b68e952020cdb99507b2807feec1bc086027c2 | 2026-05-20 | |
| FileHash-SHA1 | ac7ffce58c70fb9f837e11a44d655d6c28e276f5 | SHA1 of e12c2682a7949661fa99bf46723a1405c658d109411de3bf6cb04c57337cc020 | 2026-05-20 | |
| FileHash-SHA1 | ccbd7c92cac1ec732e980f128d2f266e9190ff8f | SHA1 of 41f74c3fc32752b5c7b88e7a5723441cb827958bc21b647fffae469407f1ce99 | 2026-05-20 | |
| FileHash-SHA1 | e1bcf36ed2f7a60dd0dde52abf11c942e2657e31 | SHA1 of 23c2ebc8f9bac96b2fbbb9b00b457c48d65a9f66ec24fbfba339eeefd0539ad7 | 2026-05-20 | |
| FileHash-SHA1 | ebfd92291714e6d7e57cf4830aa8f87950b796bb | SHA1 of 9dda789b85fce6294f91a79b7271a93de36dfcef21fc680dc2bf4235141e47df | 2026-05-20 | |
| FileHash-SHA256 | 0c63857269205f6505c259a56ea53b23b2bf7432aabb8647d59b321232ca7e36 | — | 2026-05-20 | |
| FileHash-SHA256 | 0eb72c1f1605d999488d903021d82a9ff4b937e6c1a1da50c55440f018e83ad9 | — | 2026-05-20 | |
| FileHash-SHA256 | 188c72b101cd8ad96ef971e8943bddb3acd9dc45fe1d8719217d171e600a29aa | — | 2026-05-20 | |
| FileHash-SHA256 | 23c2ebc8f9bac96b2fbbb9b00b457c48d65a9f66ec24fbfba339eeefd0539ad7 | — | 2026-05-20 | |
| FileHash-SHA256 | 41f74c3fc32752b5c7b88e7a5723441cb827958bc21b647fffae469407f1ce99 | — | 2026-05-20 | |
| FileHash-SHA256 | 5bf35daaf26508fc136157818ead48cc5c7fa3a3e6273cde2c757673586a78a6 | — | 2026-05-20 | |
| FileHash-SHA256 | 884601e54fc2e6833167d33436b68e952020cdb99507b2807feec1bc086027c2 | — | 2026-05-20 | |
| FileHash-SHA256 | 97ea803792929f802388e9d0e75a3c79c28260d589bc2d87902c73c729ed6f9e | — | 2026-05-20 | |
| FileHash-SHA256 | 9dda789b85fce6294f91a79b7271a93de36dfcef21fc680dc2bf4235141e47df | — | 2026-05-20 | |
| FileHash-SHA256 | a65483b86847995a67de0fcb2a5487cdbc96361cb2e9dea8ab74005c8fef65ce | — | 2026-05-20 | |
| FileHash-SHA256 | c935ded2729f0513672e261170d73d4e0e13a9b837f104d840c44a39b84c0d71 | — | 2026-05-20 | |
| FileHash-SHA256 | e12c2682a7949661fa99bf46723a1405c658d109411de3bf6cb04c57337cc020 | — | 2026-05-20 | |
| FileHash-SHA256 | f19a67b9c8805b335676f0fc17495839327f8135f791aa11d5d9adba2c83cc1c | — | 2026-05-20 |