ShadowPad
MITRE
Tipo Malware:
Other
Other
Prima attivita:
Unknown
Unknown
Ultima attivita:
Unknown
Unknown
Dettagli:
[ShadowPad](https://attack.mitre.org/software/S0596) is a modular backdoor that was first identified in a supply chain compromise of the NetSarang software in mid-July 2017. The malware was originally thought to be exclusively used by [APT41](https://attack.mitre.org/groups/G0096), but has since been observed to be used by various Chinese threat activity groups. (Citation: Recorded Future RedEcho Feb 2021)(Citation: Securelist ShadowPad Aug 2017)(Citation: Kaspersky ShadowPad Aug 2017)
Tecniche Associate (21)
| ID | ATT&CK | Tattiche |
|---|---|---|
| T1016 | System Network Configuration Discovery | - |
| T1027 | Obfuscated Files or Information | - |
| T1027.011 | Fileless Storage | - |
| T1029 | Scheduled Transfer | - |
| T1033 | System Owner/User Discovery | - |
| T1055 | Process Injection | - |
| T1055.001 | Dynamic-link Library Injection | - |
| T1057 | Process Discovery | - |
| T1070 | Indicator Removal | - |
| T1071.001 | Web Protocols | - |
| T1071.002 | File Transfer Protocols | - |
| T1071.004 | DNS | - |
| T1082 | System Information Discovery | - |
| T1095 | Non-Application Layer Protocol | - |
| T1105 | Ingress Tool Transfer | - |
Alias (105)
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
POISONPLUG.SHADOW
Usato da Attori (8)
Metadata
| ID: | 643 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |