ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool ShadowPad Winnti

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: ShadowPad Winnti

NamesShadowPad Winnti
POISONPLUG.SHADOW
XShellGhost
CategoryMalware
TypeBackdoor
Description(Kaspersky) ShadowPad: How Attackers hide Backdoor in Software used by Hundreds of Large Companies around the World.
Information<https://www.kaspersky.com/about/press-releases/2017_shadowpad-how-attackers-hide-backdoor-in-software-used-by-hundreds-of-large-companies-around-the-world>
<https://securelist.com/shadowpad-in-corporate-networks/81432/>
<https://cdn.securelist.com/files/2017/08/ShadowPad_technical_description_PDF.pdf>
<https://st.drweb.com/static/new-www/news/2020/october/Study_of_the_ShadowPad_APT_backdoor_and_its_relation_to_PlugX_en.pdf>
<https://labs.sentinelone.com/shadowpad-a-masterpiece-of-privately-sold-malware-in-chinese-espionage/>
<https://www.secureworks.com/research/shadowpad-malware-analysis>
<https://www.trendmicro.com/en_us/research/25/b/updated-shadowpad-malware-leads-to-ransomware-deployment.html>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.shadowpad>

Last change to this tool card: 22 February 2025

Download this tool card in JSON format

All groups using tool ShadowPad Winnti

ChangedNameCountryObserved

APT groups

 APT 41China2012-Jul 2025X
 Bronze Butler, Tick, RedBaldNight, Stalker PandaChina2006-Apr 2021X
 Earth KrahangChina2022 
 Earth LuscaChina2019-Sep 2024 
 Icefog, Dagger PandaChina2011-2018/2019 
 Mustang Panda, Bronze PresidentChina2012-Jun 2025 
 RedEchoChina2020 
 RedFoxtrotChina2014-Aug 2021 
 RedHotel, TAG-22China2021-2022 
 Space PiratesChina2017-Nov 2024 
 TAG-38China2021 
 Tonto Team, HartBeat, Karma PandaChina2009-Apr 2023 
 Tropic Trooper, Pirate Panda, APT 23, KeyBoyChina2011-Jun 2023 
 Velvet AntChina2023-Jul 2024 

14 groups listed (14 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents
Telephone +66 (0)2-123-1227
E-mail [email protected]