Today > vulnerabilities   -   You can now download lists of IOCs here!

Evasive Panda scouting cloud services

Oct. 29, 2024, 1:28 p.m.

Tags
apt
china
cyberespionage
taiwan
mgbot
cloud services
2024-10-28
nightdoor
cookie theft
cloudscout
External References
Description

CloudScout is a post-compromise toolset used by Evasive Panda to target a Taiwanese government entity and religious organization between 2022 and 2023. The toolset can retrieve data from various cloud services using stolen web session cookies. It works with MgBot, Evasive Panda's malware framework, through a plugin. Three CloudScout modules were analyzed, targeting Google Drive, Gmail, and Outlook. The modules are deployed by MgBot plugins and use stolen cookies to access and exfiltrate cloud data. CloudScout's design includes a common architecture across modules and a core CommonUtilities package. The toolset demonstrates Evasive Panda's technical capabilities and focus on cloud-stored data in espionage operations.

Date

Published: Oct. 28, 2024, 8:14 p.m.

Created: Oct. 28, 2024, 8:14 p.m.

Modified: Oct. 29, 2024, 1:28 p.m.

Indicators

ee6a3331c6b8f3f955def71a6c7c97bf86ddf4ce3e75a63ea4e9cd6e20701024

eb540cf9833ab8bd901b48ef258c0e14eb91fb3118fa967a40cd64d8ab417fa9

d7468510a0123f4ecea9cb7c1636a024d3ab96cc856439a924349b00618b87ae

a0fe56ec6eb5cc433fdc9e3537e49b45c90ffe8df409a0f1b5844bc253d209ba

88b0ee7273a91d92c3570dbc67896e15b53ca118d2b45e49a3489605cc26bf24

81044813cf55c2398d7e2179e75c06ed8bcbcfc0328f9e0e2cc0b67e2e3d2e4a

62b72607762e6b67e5bb66a5febadda72ff4fce88f996861b978a58cd418eeb1

73d50eabd0b377e22210490a06ecf2441191558d97ce14ba79517c0e7696318b

419311167faeee927763b67ce00dbd4491f18bb0dbac9236621faec9e6422fa9

3e92f35c3818be05033b9f6716fe4fc30d5a68f6e412422ad7c68c85d4451ae4

174a62201c7e2af67b7ad37bf7935f064a379f169cf257ca16e912a46ecc9841

d9eec27bf827669cf13bfdb7be3fdb0fdf05a26d5b74adecaf2f0a48105ae934

2c0cfe2f4f1e7539b4700e1205411ec084cbc574f9e4710ecd4733fbf0f8a7dc

188.208.141.204

122.10.90.12

122.10.88.226

103.96.128.44

Download all indicators here!

Attack Patterns

Nightdoor

CloudScout

MgBot

Evasive Panda

T1550.004

T1114.002

T1587.001

T1583.004

T1569.002

T1548.002

T1543.003

T1560.001

T1539

T1530

T1095

T1036.005

T1106

T1082

T1140

T1027

T1112

T1041

Additional Informations

Religious

Government

Taiwan