ShadowPad backdoor deployment

GPTKB entity

Statements (29)
Predicate Object
gptkbp:instanceOf Cyberattack
gptkbp:abilities Data exfiltration; Command and control; Remote access
gptkbp:connectsTo Chinese cyber espionage
gptkbp:deliveredBy Supply chain compromise
gptkbp:detects gptkb:ESET; gptkb:Kaspersky_Lab; gptkb:Symantec
gptkbp:firstObserved 2017
https://www.w3.org/2000/01/rdf-schema#label ShadowPad backdoor deployment
gptkbp:notableEvent CCleaner compromise; NetSarang software compromise
gptkbp:origin gptkb:China
gptkbp:relatedTo gptkb:ShadowPad
gptkbp:target Energy sector; Supply chain; Windows systems; Financial sector; Telecommunications sector
gptkbp:usedBy gptkb:APT41; gptkb:APT10; gptkb:Winnti_Group
gptkbp:uses Persistence mechanisms; Encrypted communications; Modular plugins
gptkbp:usesMalware Modular backdoor
gptkbp:bfsParent gptkb:Operation_Winnti
gptkbp:bfsLayer 7