216.73.217.22

SloppyLemming Deploys BurrowShell and Rust-Based RAT to Target Pakistan and Bangladesh

· Published 03/03/2026 11:11 · Modified 03/03/2026 17:14

Export JSON

Essential information

Published
03/03/2026 11:11
Modified
03/03/2026 17:14
Tags
2026-03-03 bangladesh burrowshell clickonce cloudflare workers cyber espionage dll sideloading geopolitical conflict havoc pakistan rust rat
Related entities
19 observables, 1 intrusion sets (apt), 19 techniques (mitre), 2 malware, 8 others

Description

An extensive campaign conducted by SloppyLemming, an India-nexus threat actor, targeted government entities and critical infrastructure in and from January 2025 to January 2026. The campaign used two attack vectors: PDF lures with execution chains and macro-enabled Excel documents. It deployed a custom x64 shellcode implant named and a Rust-based keylogger. The attackers extensively abused for C2 and payload delivery, registering 112 domains impersonating government entities. The campaign focused on nuclear, defense, telecommunications, energy, and financial sectors, aligning with regional strategic competition in South Asia.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Observables (19)

  • 67c341e187ddfcd5a4a7df8743ae82e72db1e5c3747d5c4e185d99f54182f093
  • 6ea8fd10725676c886692d3acda9782e044c9f3988276360c87559dcaf1a3123
  • c57baa17321257ea1915ba0336a89f63975e6ed612a89c9888be7067222bef38
  • d071ea65ea30df38623afe959ccc142f14dc4659dce21c2d7195e31245ee2df1
  • 8faeea306a331d86ce1acb92c8028b4322efbd11a971379ba81a6b769ff5ac4b
  • c4cea4147719c3abe7eb6c7c7e3420480361773b602d4270af0a607d29f8771f
  • bb83cd7ebe75cf62f06859ab2166a35a16cac924f874109b78dd5c4b653d6d44
  • 3269829b50da5b3c4120a103ef72b09a8bbbf258ab3086ca24b2aa24dc00039b
  • c603e7a1018f7b3a168404bcf2f709950c4e29e0596c78823647baaadaf317c7
  • 1f79f88e97e60bc431ab641ccbbfb09e9d2633d258d3d4bc8b0cb5b9adbc9a4a
  • 4f1628821c13cc27fd4134301cc93a1ad32b2a3f7066c3d90f7ba89e02180754
  • 81d1a62c00724c1dfbc05a79ac4ae921c459350a2a4a93366c0842fadc40b011
  • 9dca24630c06463a01ca6d38b73987589bbe68650b0ff893770eab9ff6ec581a
  • 7a34070f98bd129764f053d8003b402975f73e85da87eebdfcc718ac7c8bb0bb
  • 7e16fc7603e450b28f06e55748ef65204f8685b0f75e963da997192fdec5f96e
  • 87822f0b579c6c123c72971ee524a2d977ba4f02027f32d57a533d8f123183c3
  • 1946315d645d9a8c5114759b350ec4f85dba5f9ee4a63d74437d7a068bff7752
  • f46dd8154f963a8d49c4503bcfb93caf6551f4c845377c95fdde52ce9ca9798b
  • 3dbf64da37616acbe16bc6bd06a320fed416c4c8ec37a04f811a32389af3d46c

Intrusion sets (APT) (1)

  • SloppyLemming
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 21/12/2025 07:24 · Modified 21/12/2025 07:24

Techniques (MITRE) (19)

Malware (2)

  • Havoc
    Family
    Published 08/06/2026 10:30 · Modified 08/06/2026 10:30
  • BurrowShell
    Family
    Published 03/03/2026 11:11 · Modified 03/03/2026 11:11

Others (8)

  • Pakistan
  • Bangladesh
  • Sri Lanka
  • Energy
  • Finance
  • Telecommunications
  • Defense
  • Government

External references