Tag: poisonplug.shadow

3 Attack Reports | 0 Vulnerabilities

Attack reports

Unmasking the Shadow of PoisonPlug's Obfuscator

Since 2022, cyber espionage operations utilizing POISONPLUG.SHADOW have been tracked, employing a custom obfuscating compiler called ScatterBrain. This evolved version of ScatterBee targets entities in Europe and Asia Pacific. POISONPLUG.SHADOW, a variant of the POISONPLUG modular backdoor, uses ad…
cyber espionage
poisonplug.shadow
2025-01-29
poisonplug
poisonplug.deed
scatterbee
scatterbrain
Published: January 29, 2025
Downloadable IOCs: 2

Chinese APT Abuses VSCode to Target Government in Asia

The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain …
apt
exfiltration
cyberespionage
shadowpad
poisonplug.shadow
toneshell
2024-09-09
credentialtheft
reverseshell
visualstudiocode
Published: September 9, 2024
Downloadable IOCs: 17

Likely compromise of Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

A government-affiliated Taiwanese research institute specializing in computing technologies experienced a cyber intrusion likely carried out by the Chinese hacking group APT41. The attackers employed ShadowPad malware, Cobalt Strike, and custom tools, exploiting vulnerabilities like CVE-2018-0824 f…
apt
cobalt strike
credential theft
cobaltstrike
shadowpad
data exfiltration
2024-08-02
poisonplug.shadow
CVE-2018-0824
unmarshalpwn
Published: August 2, 2024
Linked vulnerabilities : CVE-2018-0824
Downloadable IOCs: 13
Click here to see more Attack Reports