ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage

By Yi-Jhen Hsieh & Joey Chen

Executive Summary

ShadowPad is a privately sold modular malware platform –rather than an open attack framework– with plugins sold separately.

ShadowPad is still regularly updated with more advanced anti-detection and persistence techniques.

It’s used by at least four clusters of espionage activity. ShadowPad was the primary backdoor for espionage operations in multiple campaigns, including the CCleaner, NetSarang, and ASUS supply-chain attacks.

The adoption of S…

ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage

Raven – Advanced Cyber Threat Map (Simplified, Customizable, Responsive)

Free Micropatches for “RemotePotato0”, a “WON’T FIX” Local Privilege Escalation Affecting all Windows Systems

ParallelNimcalls: Nim version of MDSec’s Parallel Syscall PoC

AlphaGolang – IDApython Scripts For Analyzing Golang Binaries

Editor Picks

Hunting for samAccountName Spoofing (CVE-2021–42278) & Domain Controller Impersonation

Introducing VirusTotal Collections

Kitten.gif: Meet the Sabbath Ransomware Affiliate Program, Again

Must read

Free Micropatches for “RemotePotato0”, a “WON’T FIX” Local Privilege Escalation Affecting all Windows Systems

ParallelNimcalls: Nim version of MDSec’s Parallel Syscall PoC

AlphaGolang – IDApython Scripts For Analyzing Golang Binaries

Popular categories