
MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur's Multi-Platform Attacks

Dec. 5, 2024, 10:24 a.m.

Description

Earth Minotaur, a threat actor targeting Tibetan and Uyghur communities, uses the MOONSHINE exploit kit to compromise Android devices and install the DarkNimbus backdoor. The exploit kit targets vulnerabilities in instant messaging apps, particularly WeChat, and has been updated with new exploits since 2019. DarkNimbus, a previously unreported Android backdoor that also has a Windows version, enables comprehensive surveillance. The attack chain involves social engineering, exploitation of Chromium-based vulnerabilities, and implanting a trojanized XWalk browser core. The backdoor supports a range of data collection and device control features. Earth Minotaur appears to be a distinct intrusion set from previously reported groups, although connections to other Chinese operations are noted.

Date

Published: Dec. 5, 2024, 7:31 a.m.

Created: Dec. 5, 2024, 7:31 a.m.

Modified: Dec. 5, 2024, 10:24 a.m.

Attack Patterns

DarkNimbus

MOONSHINE

POISONPLUG.SHADOW

ShadowPad - S0596

Earth Minotaur

T1125

T1552.001

T1539

T1204.001

T1189

T1059.004

T1056.001

T1555

T1113

T1123

T1005

T1518

T1203

T1057

T1083

T1595

T1033

T1190

Additional Information

China