ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab)

ShadowPad is a modular backdoor that was first identified in a supply chain compromise of the NetSarang software in mid-July 2017. The malware was originally thought to be exclusively used by APT41, but has since been observed to be used by various Chinese threat activity groups. ^{[Recorded Future RedEcho Feb 2021]}^{[Securelist ShadowPad Aug 2017]}^{[Kaspersky ShadowPad Aug 2017]}

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
APT41 (502223ee-8947-42f8-a532-a3b3da12b7d9)	Tidal Groups	ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab)	Tidal Software	1
ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab)	Tidal Software	Earth Lusca (646e35d2-75de-4c1d-8ad3-616d3e155c5e)	Tidal Groups	1
Tonto Team (9f5c5672-5e7e-4440-afc8-3fdf46a1bb6c)	Tidal Groups	ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab)	Tidal Software	1
Tropic Trooper (0a245c5e-c1a8-480f-8655-bb2594e3266b)	Tidal Groups	ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab)	Tidal Software	1
Aquatic Panda (b8a349a6-cde1-4d95-b20f-44c62bbfc786)	Tidal Groups	ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab)	Tidal Software	1
ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab)	Tidal Software	BRONZE BUTLER (5825a840-5577-4ffc-a08d-3f48d64395cb)	Tidal Groups	1