|
gptkbp:instanceOf
|
gptkb:malware
|
|
gptkbp:abilities
|
remote access
data exfiltration
command and control communication
modular plugin system
process injection
file manipulation
keylogging
|
|
gptkbp:category
|
gptkb:cyber_espionage_tool
advanced persistent threat tool
|
|
gptkbp:developedBy
|
gptkb:Chinese_threat_actors
|
|
gptkbp:discoveredBy
|
gptkb:Kaspersky_Lab
gptkb:Symantec
|
|
gptkbp:encryption
|
gptkb:RC4
gptkb:AES
custom encryption
|
|
gptkbp:firstObserved
|
2015
|
|
gptkbp:industry
|
gptkb:energy
gptkb:government
finance
supply chain
telecommunications
|
|
gptkbp:language
|
gptkb:C++
|
|
gptkbp:notableEvent
|
gptkb:CCleaner_supply_chain_attack
NetSarang supply chain attack
|
|
gptkbp:persistenceMechanism
|
registry modification
scheduled tasks
|
|
gptkbp:platform
|
gptkb:Windows
|
|
gptkbp:relatedTo
|
gptkb:PlugX
gptkb:Winnti
gptkb:Cobalt_Strike
|
|
gptkbp:status
|
active
|
|
gptkbp:supportsProtocol
|
gptkb:HTTP
HTTPS
DNS tunneling
|
|
gptkbp:type
|
modular backdoor
|
|
gptkbp:usedBy
|
gptkb:APT41
gptkb:Bronze_Atlas
gptkb:APT17
gptkb:Winnti_Group
|
|
gptkbp:usesMalware
|
gptkb:ShadowPad
|
|
gptkbp:bfsParent
|
gptkb:Operation_Winnti
gptkb:PlugX
gptkb:TA-61
|
|
gptkbp:bfsLayer
|
7
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
ShadowPad
|