New malware variant has “radio silence” mode to evade detection


Level 85
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014
The Sharp Panda cyber-espionage hacking group is targeting high-profile government entities in Vietnam, Thailand, and Indonesia with a new version of the ‘Soul’ malware framework.

The particular malware was previously seen in espionage campaigns targeting critical Southeast Asian organizations, attributed to various Chinese APTs.

Check Point identified a new campaign using the malware that started in late 2022 and continues through 2023, employing spear-phishing attacks for initial compromise.

The use of the RoyalRoad RTF kit, C2 server addresses, and the hacker's working hours allowed Check Point to attribute the latest espionage operation to state-backed Chinese hackers. The TTPs and tools are consistent with previously seen activities by Sharp Panda.

The new Sharp Panda campaign uses spear-phishing emails with malicious DOCX file attachments that deploy the RoyalRoad RTF kit to attempt to exploit older vulnerabilities to drop malware on the host.

Infection chain

Infection chain (Check Point)

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.