Rewterz Threat Alert – SharpPanda Chinese APT Group Targets
Southeast Asian Government - Active IOCs - Rewterz
Published: 2022-01-25 · Archived: 2026-04-05 12:57:30 UTC
Severity
High
Analysis Summary
SharpPanda, the Chinese advanced persistent (APT) threat actor that has been active since at least 2018, has
reinforced its cyber warfare activities. SharpPanda APT attacks and targets Southeast Asian government users with
template injection of malicious documents. The attackers use spear-phishing to gain initial access and leverage old
Microsoft Office vulnerabilities together with the chain of in-memory loaders to attempt and install a previously
unknown backdoor on the victim’s machines. Upon opening the document, it connects back to the hacker’s server
to download the payload file.
The investigation starts from the campaign of malicious DOCX documents that are sent to different employees of
a government entity in Southeast Asia. In some cases, the emails are spoofed to look like they were from other
government-related entities. The attachments to these emails are weaponized copies of legitimate-looking official
documents and use the remote template technique to pull the next stage from the attacker’s server.
Impact
https://www.rewterz.com/rewterz-news/rewterz-threat-alert-sharppanda-chinese-apt-group-targets-southeast-asian-government-active-iocs
Page 1 of 3

Template Injection
Exposure of Sensitive Data
Indicators of Compromise
IP
45[.]91[.]225[.]139
107[.]148[.]165[.]151
45[.]121[.]146[.]88
MD5
1e9f1746c2dbea0df5017afdf8b94189
d598749a8c86b1cdd313ff6c86626c86
d843b58f31c687d22de09a6765b3ba3b
51205f6ca73745b97b77095a2bfd7091
8bcea4940166222eff5c4ed897e5cccf
31565db2614bb5de2baf1a5c07771860
24448ffdb1a8ba9a9202a9c7178301c4
fc51ba4706ac462d2fec8ba2be04dc1d
494a01d421997040de3583b3e08212a7
f706f042c1953a9cea932d3cd770b2ad
eff68f1096ae56ae94f439a8e5effe3d
SHA-256
6f66faf278b5e78992362060d6375dcc2006bcee29ccc19347db27a250f81bcd
0c346972a2ccebb2642ced34213f43595896da233f06f6251967517ae342908f
d198c4d82eba42cc3ae512e4a1d4ce85ed92f3e5fdff5c248acd7b32bd46dc75
0752c24ded7cc434a56fdd10c4f2c45144ca53252192e21cfa4cee3a5ad68796
928f540c9658a458edc649371e178a7c83e2a9291f5b23ae326c3d64bfa902c6
4cc521b470d08c9684cd15ffac032accd50439b81873ee2d87897ab8c495744b
0e8fb748cd58ab2fa754e2fa16e4390327a10593ca72bb6a3b90a1885cbe5387
SHA-1
f9d958c537b097d45b4fca83048567a52bb597bf
417e4274771a9614d49493157761c12e54060588
176a0468dd70abe199483f1af287e5c5e2179b8c
8bad3d47b2fc53dc6f9e48debac9533937c32609
aa5458bdfefe2a97611bb0fd9cf155a06f88ef5d
0726e56885478357de3dce13efff40bfba53ddc2
https://www.rewterz.com/rewterz-news/rewterz-threat-alert-sharppanda-chinese-apt-group-targets-southeast-asian-government-active-iocs
Page 2 of 3

Remediation
Block the threat indicators at their respective controls.
Search for IOCs in your environment.
Source: https://www.rewterz.com/rewterz-news/rewterz-threat-alert-sharppanda-chinese-apt-group-targets-southeast-asian-government-active-i
ocs
https://www.rewterz.com/rewterz-news/rewterz-threat-alert-sharppanda-chinese-apt-group-targets-southeast-asian-government-active-iocs
Page 3 of 3