Possible Supply Chain Attack Targeting Pakistani Government Delivers Shadowpad
Common Information
Type Value
UUID 30c14d63-82e1-47d8-b40a-07e036c2e9c4
Fingerprint 6be35f344b10731
Analysis status DONE
Considered CTI value 2
Text language
Published July 14, 2023, midnight
Added to db Aug. 12, 2023, 1:47 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Possible Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad
Title Possible Supply Chain Attack Targeting Pakistani Government Delivers Shadowpad
Detected Hints/Tags/Attributes 91/3/41
RSS Feed
Id   Enabled   Feed title                                     Url                                                       Added to db
119            Trend Micro Research, News and Perspectives    https://feeds.feedburner.com/TrendMicroSimplySecurity     2024-08-30 22:08
Attributes
Type                            #Events   CTI Value   Value
Domain                          4                     telerik.windows.data
Domain                          2                     csp.live
Domain                          7                     live.musicweb.xyz
Domain                          7                     obo.videocenter.org
Domain                          2                     social.msdn.microsoft.com
Domain                          1                     backdoor.win64.shadowpad.as
Domain                          1                     tech.learningstudy.xyz
File                            15                    windows.dat
File                            3                     validation.dll
File                            68                    mscoree.dll
File                            48                    applaunch.exe
File                            1018                  rundll32.exe
File                            2                     c:\windows\help\1019.rar
File                            1                     1019.rar
File                            25                    log.dll
File                            7                     iviewers.dll
sha256                          2                     253f474aa0147fdcf88beaae40f3a23bdadfc98b8dd36ae2d81c387ced2db4f1
sha256                          2                     c1feef03663a9aa920a9ab4eb2ab7adadb3f2a60db23a90e5fe9b949d4ec22b6
sha256                          2                     4e3a455e7f0b8f34385cd8320022719a8fc59d8bc091472990ac9a56e982a965
sha256                          2                     17272a56cbf8e479c085e88fe22243685fac2bc041bda26554aa716287714466
sha256                          2                     c35b8514e3b2649e17c13fd9dc4796dbc52e38e054d518556c82e6df38ca4c1b
sha256                          2                     d6f184dae03d4ddae8e839dd2161d9cd03d3b25421b4795edab0f5ad9850d091
sha256                          2                     f8c5feaae3f8e4bfb37edf4e05d1ee91797023bdf71e1c45ed2711861b300f37
sha256                          2                     0122734490fe4dfb287d34394667d81ab46e0d05d4569d06a41f0f3c3a36448c
sha256                          2                     bdc6a2985a07ef3c5d2ef2a0eb53afdfdbf757bfa080e8b77ba4b47c1a99b423
sha256                          2                     4805a7a386fac1af9a80ab24d95ebf4699c35a7c38fcf3eefa571b9d67d7bf45
sha256                          2                     8b5e918595c27db3bcafd59a86045605837bc5843c938039852218d72cf2c253
sha256                          2                     953e3ed35d84c4a7c4a599f65b2fbd6475b474e9b4bf85581255f1d81d2b5e4e
sha256                          2                     6dea7f976a3dc359e630ab5e85fa69f114fc046dcc363598e998e1ef9751bbed
sha256                          2                     7e8c6961a10c95a5d97aece92c2e2d974d63ede98196413cc0cf033f92084f53
sha256                          2                     dde04eaac96964e86b8734f67f3b6741505fdc5e177dd58e85da12a8120a44bf
sha256                          2                     16c6558634759e6efd4581de60cc2050d99a53245c6abde3d38fc140204777e9
sha256                          2                     05ed1feda4a1684f8f7907644500948f4488a60ecb0740f708e08c1812b7f122
sha256                          2                     225b0adce4fab783d0962852894482e7452e5483bf955757cb25e6a26c3d3b38
IPv4                            3                     10.2.101.110
IPv4                            1                     158.247.230.255
IPv4                            1                     45.76.144.182
Threat Actor Identifier - APT   522                   APT41
Url                             2                     https://10.2.101.110:50000/vi/application/checkforapplicationupdate/1
Url                             1                     https://10.2.101.110:50000/5be96b824c4ad5a.
Url                             1                     http://158.247.230.255/1019.rar