S0596 ShadowPad

Platforms: 1 · ATT&CK: 14.1 · References: 5

Description

[ShadowPad](https://attack.mitre.org/software/S0596) is a modular backdoor that was first identified in a supply chain compromise of the NetSarang software in mid-July 2017. The malware was originally thought to be exclusively used by [APT41](https://attack.mitre.org/groups/G0096), but has since been observed to be used by various Chinese threat activity groups. (Citation: Recorded Future RedEcho Feb 2021)(Citation: Securelist ShadowPad Aug 2017)(Citation: Kaspersky ShadowPad Aug 2017)

Platforms · 1

Windows

Attributed to · 1

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Group | APT41 (g0096) | 95% | live |

References

  1. https://attack.mitre.org/software/S0596
  2. https://www.mandiant.com/sites/default/files/2022-02/rt-apt41-dual-operation.pdf
  3. https://securelist.com/shadowpad-in-corporate-networks/81432/
  4. https://go.recordedfuture.com/hubfs/reports/cta-2021-0228.pdf
  5. https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2017/08/07172148/ShadowPad_technical_description_PDF.pdf

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - Software: EVILNUM
  - Software: ShimRat
  - Software: SDBbot
  - Software: RDAT
  - Software: SYSCON
  - Software: SharpStage

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.