ShadowPad backdoor deployment
GPTKB entity
Statements (29)
Predicate | Object |
---|---|
gptkbp:instanceOf | Cyberattack |
gptkbp:abilities | Data exfiltration, Command and control, Remote access |
gptkbp:connectsTo | Chinese cyber espionage |
gptkbp:deliveredBy | Supply chain compromise |
gptkbp:detects | gptkb:ESET, gptkb:Kaspersky_Lab, gptkb:Symantec |
gptkbp:firstObserved | 2017 |
https://www.w3.org/2000/01/rdf-schema#label | ShadowPad backdoor deployment |
gptkbp:notableEvent | CCleaner compromise, NetSarang software compromise |
gptkbp:origin | gptkb:China |
gptkbp:relatedTo | gptkb:ShadowPad |
gptkbp:target | Energy sector, Supply chain, Windows systems, Financial sector, Telecommunications sector |
gptkbp:usedBy | gptkb:APT41, gptkb:APT10, gptkb:Winnti_Group |
gptkbp:uses | Persistence mechanisms, Encrypted communications, Modular plugins |
gptkbp:usesMalware | Modular backdoor |
gptkbp:bfsParent | gptkb:Operation_Winnti |
gptkbp:bfsLayer | 7 |