Study of the ShadowPad APT backdoor and its relation to PlugX
Tags
| country: | Kazakhstan Kyrgyzstan |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | d61eaac0-687b-442e-bbd3-488c8d204c94 |
| Fingerprint | c7a0019b09bb049f |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 27, 2020, midnight |
| Added to db | April 15, 2023, 12:57 p.m. |
| Last updated | Nov. 17, 2024, 6:30 p.m. |
| Headline | UNKNOWN |
| Title | Study of the ShadowPad APT backdoor and its relation to PlugX |
| Detected Hints/Tags/Attributes | 35/3/11 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://news.drweb.com/show/?i=14048&lng=en |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4 | www.pneword.net |
|
| Details | Domain | 2 | www.mongolv.com |
|
| Details | Domain | 2 | www.arestc.net |
|
| Details | Domain | 2 | www.icefirebest.com |
|
| Details | File | 14 | backdoor.pl |
|
| Details | sha256 | 3 | ac6938e03f2a076152ee4ce23a39a0bfcd676e4f0b031574d442b6e2df532646 |
|
| Details | sha256 | 1 | 9135cdfd09a08435d344cf4470335e6d5577e250c2f00017aa3ab7a9be3756b3 |
|
| Details | sha256 | 1 | 2c4bab3df593ba1d36894e3d911de51d76972b6504d94be22d659cff1325822e |
|
| Details | sha256 | 1 | 3ff98ed63e3612e56be10e0c22b26fc1069f85852ea1c0b306e4c6a8447c546a |
|
| Details | sha256 | 1 | b8a13c2a4e09e04487309ef10e4a8825d08e2cd4112846b3ebda17e013c97339 |
|
| Details | sha256 | 1 | 32e95d80f96dae768a82305be974202f1ac8fcbcb985e3543f29797396454bd1 |