ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage

By Yi-Jhen Hsieh & Joey Chen

Executive Summary

ShadowPad is a privately sold modular malware platform –rather than an open attack framework– with plugins sold separately.

ShadowPad is still regularly updated with more advanced anti-detection and persistence techniques.

It’s used by at least four clusters of espionage activity. ShadowPad was the primary backdoor for espionage operations in multiple campaigns, including the CCleaner, NetSarang, and ASUS supply-chain attacks.

The adoption of S…

ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage

Mediator – An Extensible, End-To-End Encrypted Reverse Shell With A Novel Approach To Its Architecture

SharpSystemTriggers: Collection of remote authentication triggers in C#

Webdiscover – The Purpose Of This Script Is To Automate The Web Enumeration Process And Search For Exploits

SharpSelfDelete: C# implementation of a method to delete a locked file, or current running executable, on disk

Editor Picks

Threat Hunting With Yara Rules

Certified Pre-Owned Detection Ideas

Defining Cobalt Strike Components So You Can BEA-CONfident in Your Analysis

Must read

SharpSystemTriggers: Collection of remote authentication triggers in C#

Webdiscover – The Purpose Of This Script Is To Automate The Web Enumeration Process And Search For Exploits

SharpSelfDelete: C# implementation of a method to delete a locked file, or current running executable, on disk

Popular categories