ShadowPad is a modular malware platform privately shared with multiple PRC-linked threat actors since 2015. According to SentinelOne, ShadowPad is highly likely the successor to PlugX. Because of its prevalence in cyber espionage, the VMware Threat Analysis Unit (TAU) was motivated to analyze its command and control (C2) protocol in order to discover active ShadowPad C2s on the Internet. C2 Protocol: ShadowPad supports six C2 protocols: TCP, SSL, HTTP, HTTPS, UDP, and DNS. In this research[1]
plugx (3)
When one of your enemies begins attacking another of your enemies, does this mean that your first enemy is now an ally? I will let the philosophers answer this question. A China-linked state-sponsored cyberespionage group has started targeting the Russian military in recent attacks, which aligns with China's interests in the Russia-Ukraine war. Tracked as Mustang Panda, Bronze President, RedDelta, HoneyMyte, Red Lich and TA416, the government-backed hacking group previously focused
Activity Summary - Week Ending 5 March 2021:
- Fair Deal Furniture in Mombasa, Kenya is still Keylogged
- Red Sky Alliance identified 35,371 connections from new unique IP Addresses
- Analysts identified 3,001 new IP addresses participating in various Botnets
- SIM Swapping – easier than a Malware Attack
- Silver Sparrow flying around inside Apple
- Javali Banking Trojan
- PlugX and RedEcho
- A Kia Hit
- Oh Canada – Bombardier, GlobalEye and Enterprise Oh !!
- Don’t get Stung by Lithuanian CityBee
- The Darkside Hacke