Hide Navigation Hide TOC

ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab)

ShadowPad is a modular backdoor that was first identified in a supply chain compromise of the NetSarang software in mid-July 2017. The malware was originally thought to be exclusively used by APT41, but has since been observed to be used by various Chinese threat activity groups. ^{[Recorded Future RedEcho Feb 2021][Securelist ShadowPad Aug 2017][Kaspersky ShadowPad Aug 2017]}

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab)	Tidal Software	Stately Taurus (62f010b9-707f-4161-99dc-69e3c6e54e13)	Tidal Groups	1
APT41 (502223ee-8947-42f8-a532-a3b3da12b7d9)	Tidal Groups	ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab)	Tidal Software	1
ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab)	Tidal Software	BRONZE BUTLER (5825a840-5577-4ffc-a08d-3f48d64395cb)	Tidal Groups	1
Earth Lusca (646e35d2-75de-4c1d-8ad3-616d3e155c5e)	Tidal Groups	ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab)	Tidal Software	1
ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab)	Tidal Software	Tonto Team (9f5c5672-5e7e-4440-afc8-3fdf46a1bb6c)	Tidal Groups	1
ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab)	Tidal Software	RedEcho (a6dea520-12ab-5c7b-8142-db3a308122de)	Tidal Groups	1
ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab)	Tidal Software	Tropic Trooper (0a245c5e-c1a8-480f-8655-bb2594e3266b)	Tidal Groups	1
ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab)	Tidal Software	Aquatic Panda (b8a349a6-cde1-4d95-b20f-44c62bbfc786)	Tidal Groups	1