ShadowPad backdoor deployment
GPTKB entity
Statements (29)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:Cyberattack |
| gptkbp:abilities | Data exfiltration; Command and control; Remote access |
| gptkbp:connectsTo | Chinese cyber espionage |
| gptkbp:deliveredBy | Supply chain compromise |
| gptkbp:detects | gptkb:ESET; gptkb:Kaspersky_Lab; gptkb:Symantec |
| gptkbp:firstObserved | 2017 |
| gptkbp:notableEvent | CCleaner compromise; NetSarang software compromise |
| gptkbp:origin | gptkb:China |
| gptkbp:relatedTo | gptkb:ShadowPad |
| gptkbp:target | Energy sector; Supply chain; Windows systems; Financial sector; Telecommunications sector |
| gptkbp:usedBy | gptkb:APT41; gptkb:APT10; gptkb:Winnti_Group |
| gptkbp:uses | Persistence mechanisms; Encrypted communications; Modular plugins |
| gptkbp:usesMalware | Modular backdoor |
| gptkbp:bfsParent | gptkb:Operation_Winnti |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | ShadowPad backdoor deployment |