 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: ShadowPad Winnti| Names | ShadowPad Winnti POISONPLUG.SHADOW XShellGhost | |
| Category | Malware | |
| Type | Backdoor | |
| Description | (Kaspersky) ShadowPad: How Attackers hide Backdoor in Software used by Hundreds of Large Companies around the World. | |
| Information | <https://www.kaspersky.com/about/press-releases/2017_shadowpad-how-attackers-hide-backdoor-in-software-used-by-hundreds-of-large-companies-around-the-world> <https://securelist.com/shadowpad-in-corporate-networks/81432/> <https://cdn.securelist.com/files/2017/08/ShadowPad_technical_description_PDF.pdf> <https://st.drweb.com/static/new-www/news/2020/october/Study_of_the_ShadowPad_APT_backdoor_and_its_relation_to_PlugX_en.pdf> <https://labs.sentinelone.com/shadowpad-a-masterpiece-of-privately-sold-malware-in-chinese-espionage/> <https://www.secureworks.com/research/shadowpad-malware-analysis> <https://www.trendmicro.com/en_us/research/25/b/updated-shadowpad-malware-leads-to-ransomware-deployment.html> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.shadowpad> | |
Last change to this tool card: 22 February 2025
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
| APT 41 |  | 2012-Aug 2024 |  | ||
| Bronze Butler, Tick, RedBaldNight, Stalker Panda | | 2006-Apr 2021 | | ||
| Earth Krahang | | 2022 | |||
| Earth Lusca | | 2019-Sep 2024 | |||
| Icefog, Dagger Panda | | 2011-2018/2019 | |||
| Mustang Panda, Bronze President | | 2012-Feb 2025  | |||
| RedEcho | | 2020 | |||
| RedFoxtrot | | 2014-Aug 2021 | |||
| RedHotel, TAG-22 | | 2021 | |||
| Space Pirates | | 2017-Nov 2024 | |||
| TAG-38 | | 2021 | |||
| Tonto Team, HartBeat, Karma Panda | | 2009-Apr 2023 | |||
| Tropic Trooper, Pirate Panda, APT 23, KeyBoy | | 2011-Jun 2023 | |||
| Velvet Ant | | 2023-Jul 2024 | |||
14 groups listed (14 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |