aaf4ccceca88bb874b8db6c30162c6ce13a3d5bf84fb5a2bcf61270445eef3e9
LNK > VBS > DLL side-loading > #SNOWLIGHT (#VShell Stager)
Fisher-Yates shuffling of shellcode with constant seed for rand()
C2: dns1.alidoh[.]com
UAT-8302 and its box full of malware

Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025.

Cisco Talos Blog

In the third part of our series “Advent of Configuration Extraction”, we dissect #SNOWLIGHT, a lightweight ELF downloader designed to retrieve and execute a remote payload on #Linux systems.

https://buff.ly/Crz8rDh

Multiple Threat Actors Exploit React2Shell (CVE-2025-55182) | Google Cloud Blog

Widespread exploitation of the React2Shell vulnerability (CVE-2025-55182) by multiple threat actors, including China and cyber criminals.

Google Cloud Blog
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures

EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threats) launched high-tempo exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer.

Attacks on Linux with Snowlight and VShell

The Chinese hacker group UNC5174/Uteus/Uetus is currently attacking Linux systems with malware. The Snowlight malware and the VShell tool are being used.

Security-Insider
"Infrastructure risks have also been prominent, w/vulnerabilities in ASUS routers & critical ICS devices from Schneider Electric & Yokogawa exposing sectors like #energy & manufacturing to..." digitalfrontierpartners.com.au/news/latest-... RU #APT29 Android #NFC China #UNC5221 #SNOWLIGHT #TONESHELL

Latest Sophisticated Attacks a...