ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab)

ShadowPad is a modular backdoor that was first identified in a supply chain compromise of NetSarang software in mid-July 2017. The malware was originally thought to be used exclusively by APT41, but has since been observed in use by various Chinese threat activity groups. [Recorded Future RedEcho Feb 2021] [Securelist ShadowPad Aug 2017] [Kaspersky ShadowPad Aug 2017]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab) | Tidal Software | Stately Taurus (62f010b9-707f-4161-99dc-69e3c6e54e13) | Tidal Groups | 1 |
| APT41 (502223ee-8947-42f8-a532-a3b3da12b7d9) | Tidal Groups | ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab) | Tidal Software | 1 |
| ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab) | Tidal Software | BRONZE BUTLER (5825a840-5577-4ffc-a08d-3f48d64395cb) | Tidal Groups | 1 |
| Earth Lusca (646e35d2-75de-4c1d-8ad3-616d3e155c5e) | Tidal Groups | ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab) | Tidal Software | 1 |
| ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab) | Tidal Software | Tonto Team (9f5c5672-5e7e-4440-afc8-3fdf46a1bb6c) | Tidal Groups | 1 |
| ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab) | Tidal Software | RedEcho (a6dea520-12ab-5c7b-8142-db3a308122de) | Tidal Groups | 1 |
| ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab) | Tidal Software | Tropic Trooper (0a245c5e-c1a8-480f-8655-bb2594e3266b) | Tidal Groups | 1 |
| ShadowPad (5190f50d-7e54-410a-9961-79ab751ddbab) | Tidal Software | Aquatic Panda (b8a349a6-cde1-4d95-b20f-44c62bbfc786) | Tidal Groups | 1 |