shadowpad (3)

Activity Summary - Week Ending on 4 November 2022:

  • Red Sky Alliance identified 20,715 connections from new IPs checking in with our Sinkholes
  • Timeweb[.]ru hit 204x
  • Analysts identified 1,260 new IP addresses participating in various Botnets
  • ShadowPad
  • DramaQq
  • British Cyber Spies
  • Small Business Cyber Security
  • German Copper
  • Star Gazing stopped in Chile
  • French Defense Firm Attack
  • Can You Remember?

Link to full report: IR-22-307-001_weekly308.pdf

ShadowPad is a modular malware platform privately shared with multiple PRC-linked threat actors since 2015. According to SentinelOne, ShadowPad is highly likely the successor to PlugX. Due to its prevalence in the cyber espionage field, the VMware Threat Analysis Unit (TAU) was motivated to analyze the command and control (C2) protocol to discover active ShadowPad C2s on the Internet. C2 Protocol: ShadowPad supports six C2 protocols: TCP, SSL, HTTP, HTTPS, UDP, and DNS. In this research[1]

Activity Summary - Week Ending on 8 July 2022:

  • Red Sky Alliance identified 24,005 connections from new IPs checking in with our Sinkholes
  • DigitalOcean hit 103x
  • Analysts identified 1,557 new IP addresses participating in various Botnets
  • ShadowPad
  • ToddyCat
  • Toll Fraud Malware
  • Marriott International
  • Ukraine, Dark Crystal RAT
  • Crema Finance
  • Maui Ransomware

Link to full report: IR-22-189-001_weekly189.pdf