ShadowPad RAT – Active IOCs

Severity

High

Analysis Summary

ShadowPad is a RAT (Remote Access Trojan) used frequently by several Chinese state-sponsored threat actors. Activity involving ShadowPad has also been linked to the MSS (Chinese Ministry of State Security) and the People's Liberation Army (PLA). It is typically delivered as a two-file execution chain: a DLL loader with the ShadowPad payload embedded in it. Threat actors using ShadowPad target South Korea, India, Japan, Ukraine, Russia, and Mongolia. One such group is TAG-38, which has previously targeted Indian power grid assets.

Impact

  • Unauthorized Access
  • Financial Theft
  • Information Theft

Indicators of Compromise

IP

  • 37.120.222.37

MD5

  • 704fb67dffe4d1dce8f22e56096893be
  • f6a16ca591e787bf4922c4f1521be536

SHA-256

  • 79c2c656eac34f628406855c9fafe36161ac423c071d9b20b64f4f511c9ec241
  • 637a382d88431cea9ec13072e7a880316021b3861c74574b9ef79ec21d6e1237

SHA-1

  • 88e345cd7b63dcc6f9559de4208d8832835ca6a3
  • 9e871e58090bcaf8cfb80a1a80a595f73ed368a9

Remediation

  • Block all threat indicators at your respective controls.
  • Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
  • Enable antivirus and anti-malware software and update signature definitions promptly. Multi-layered protection is necessary to secure vulnerable assets.
  • Patch and upgrade platforms and software promptly, and make timely patching part of standard security policy.
  • Employ network intrusion detection and prevention systems to monitor and block malicious network activities.
  • Implement network segmentation to limit lateral movement for attackers within the network.
  • Implement advanced email filtering to detect and block phishing emails.
  • Employ updated and robust endpoint protection solutions to detect and block malware.
  • Develop and test an incident response plan to ensure a swift and effective response to security incidents.
  • Enhance logging and monitoring capabilities to detect anomalous activities and unauthorized access.
  • Conduct regular security audits and penetration testing to identify and address potential vulnerabilities.
  • Regularly back up critical data and ensure that backup and recovery procedures are in place.
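An added example (not part of the Rewterz advisory) of the IOC search the remediation calls for: it hashes every file under a directory in one pass and compares the MD5, SHA-1 and SHA-256 digests against the advisory's values, and it scans firewall log lines for the listed IP with digit boundaries so that look-alike addresses do not match. The log lines are constructed, and the directory path is a placeholder.

```python
import hashlib
import re
from pathlib import Path

# Indicators copied verbatim from the advisory above.
IOC_IP = "37.120.222.37"
IOC_HASHES = {
    "md5": {"704fb67dffe4d1dce8f22e56096893be",
            "f6a16ca591e787bf4922c4f1521be536"},
    "sha1": {"88e345cd7b63dcc6f9559de4208d8832835ca6a3",
             "9e871e58090bcaf8cfb80a1a80a595f73ed368a9"},
    "sha256": {"79c2c656eac34f628406855c9fafe36161ac423c071d9b20b64f4f511c9ec241",
               "637a382d88431cea9ec13072e7a880316021b3861c74574b9ef79ec21d6e1237"},
}

def hash_file(path):
    """Compute MD5, SHA-1 and SHA-256 of a file in a single read pass."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}

def match_file(path):
    """Return the (algorithm, digest) pairs of this file that hit an advisory hash."""
    return [(alg, dg) for alg, dg in hash_file(path).items() if dg in IOC_HASHES[alg]]

def sweep_directory(root):
    """Map each matching file path under root to the indicators it matched."""
    hits = {}
    for p in Path(root).rglob("*"):
        if p.is_file():
            matched = match_file(p)
            if matched:
                hits[str(p)] = matched
    return hits

# Digit boundaries keep 137.120.222.37 or 37.120.222.370 from matching.
IP_RE = re.compile(r"(?<!\d)" + re.escape(IOC_IP) + r"(?!\d)")

def scan_log_lines(lines):
    """Return (line_number, line) for every log line that contains the advisory IP."""
    return [(n, ln) for n, ln in enumerate(lines, 1) if IP_RE.search(ln)]

# Constructed sample firewall log lines (not from the advisory); only the first is a hit.
SAMPLE_LOG = [
    "2024-11-20T10:01:02Z fw ALLOW 10.0.0.5:51234 -> 37.120.222.37:443 tcp",
    "2024-11-20T10:01:05Z fw ALLOW 10.0.0.7:51240 -> 137.120.222.37:443 tcp",
    "2024-11-20T10:02:11Z fw DENY 10.0.0.9:51301 -> 37.120.222.3:80 tcp",
]

if __name__ == "__main__":
    print(scan_log_lines(SAMPLE_LOG))
    print(sweep_directory("/path/to/suspect/files"))  # placeholder directory
```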