Earth Minotaur, a threat actor targeting Tibetan and Uyghur communities, uses the MOONSHINE exploit kit to compromise Android devices and install the DarkNimbus backdoor. The exploit kit targets vulnerabilities in instant messaging apps, particularly WeChat, and has been updated with new exploits since 2019. DarkNimbus, a previously unreported Android backdoor that also has a Windows version, enables comprehensive surveillance. The attack chain relies on social engineering, exploitation of Chromium-based vulnerabilities, and the implanting of a trojanized XWalk browser core. The backdoor supports a range of data collection and device control features. Earth Minotaur appears to be an intrusion set distinct from previously reported groups, although connections to other Chinese operations are noted.

Author: AlienVault
Related Tags:
DarkNimbus
MOONSHINE
POISONPLUG.SHADOW
ShadowPad – S0596
T1204.001
T1056.001
T1059.004
China
ShadowPad
Associated Indicators: