{
	"id": "0cbb0e60-061a-462f-946e-9bb53c65247a",
	"created_at": "2026-04-06T00:15:23.737853Z",
	"updated_at": "2026-04-10T13:11:25.003726Z",
	"deleted_at": null,
	"sha1_hash": "f203ff9c9404df74489d9bc1206163083c9e6e99",
	"title": "Rewterz Threat Alert – SharpPanda Chinese APT Group Targets Southeast Asian Government - Active IOCs - Rewterz",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 199884,
	"plain_text": "Rewterz Threat Alert – SharpPanda Chinese APT Group Targets Southeast Asian Government - Active IOCs - Rewterz\r\nPublished: 2022-01-25 · Archived: 2026-04-05 12:57:30 UTC\r\nSeverity\r\nHigh\r\nAnalysis Summary\r\nSharpPanda, the Chinese advanced persistent threat (APT) actor that has been active since at least 2018, has reinforced its cyber warfare activities. SharpPanda attacks and targets Southeast Asian government users with template injection of malicious documents. The attackers use spear-phishing to gain initial access and leverage old Microsoft Office vulnerabilities together with a chain of in-memory loaders to attempt to install a previously unknown backdoor on the victims’ machines. Upon opening the document, it connects back to the attacker’s server to download the payload file.\r\nThe investigation starts from a campaign of malicious DOCX documents sent to different employees of a government entity in Southeast Asia. In some cases, the emails are spoofed to look like they come from other government-related entities. The attachments to these emails are weaponized copies of legitimate-looking official documents and use the remote template technique to pull the next stage from the attacker’s server.\r\nImpact\r\nhttps://www.rewterz.com/rewterz-news/rewterz-threat-alert-sharppanda-chinese-apt-group-targets-southeast-asian-government-active-iocs\r\nPage 1 of 3\r\nTemplate Injection\r\nExposure of Sensitive Data\r\nIndicators of Compromise\r\nRemediation\r\nBlock the threat indicators at their respective controls.\r\nSearch for IOCs in your environment.\r\nSource: https://www.rewterz.com/rewterz-news/rewterz-threat-alert-sharppanda-chinese-apt-group-targets-southeast-asian-government-active-iocs",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"MISPGALAXY"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.rewterz.com/rewterz-news/rewterz-threat-alert-sharppanda-chinese-apt-group-targets-southeast-asian-government-active-iocs"
	],
	"report_names": [
		"rewterz-threat-alert-sharppanda-chinese-apt-group-targets-southeast-asian-government-active-iocs"
	],
	"threat_actors": [
		{
			"id": "8a3bd03a-f69b-455b-b88b-3842a3528bfd",
			"created_at": "2022-10-25T16:07:24.178007Z",
			"updated_at": "2026-04-10T02:00:04.89066Z",
			"deleted_at": null,
			"main_name": "SharpPanda",
			"aliases": [
				"Sharp Dragon",
				"SharpPanda"
			],
			"source_name": "ETDA:SharpPanda",
			"tools": [
				"8.t Dropper",
				"8.t RTF exploit builder",
				"8t_dropper",
				"Agentemis",
				"Cobalt Strike",
				"CobaltStrike",
				"RoyalRoad",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "e7ef34b6-e7b6-46f3-8dd8-2708c1659cd6",
			"created_at": "2023-11-08T02:00:07.107758Z",
			"updated_at": "2026-04-10T02:00:03.415268Z",
			"deleted_at": null,
			"main_name": "SharpPanda",
			"aliases": [
				"Sharp Dragon"
			],
			"source_name": "MISPGALAXY:SharpPanda",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434523,
	"ts_updated_at": 1775826685,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f203ff9c9404df74489d9bc1206163083c9e6e99.pdf",
		"text": "https://archive.orkl.eu/f203ff9c9404df74489d9bc1206163083c9e6e99.txt",
		"img": "https://archive.orkl.eu/f203ff9c9404df74489d9bc1206163083c9e6e99.jpg"
	}
}