Attacks on industrial control systems using ShadowPad

Researchers uncovered an active ShadowPad backdoor infection on industrial control systems (ICS) in Pakistan. The infected machines include engineering computers used in building automation systems.

Indicators of Compromise

abuoluowang.com
houwags.defineyourid.site
grandfoodtony.com
stat.8788912.com
help.ffyl-bet.com
static.daytodayup.com
www.tiger266.com
live.musicweb.xyz
help.mkdjgame.com
yd.full-subscription.com
zk.full-subscription.com
storage.ondriev.tk
www.ffyl-bet.com
api.onedriev.tk
obo.videocenter.org
cdn.1685810.com
cachedownload.goldenrose88.com
order.cargobussiness.site
backup.microsupdate.com
api.gpk-demo.com
mirrors.centos.8788912.com
cs.full-subscription.com
static.1685810.com
vblocalhost.com
help.tiger266.com
login.good-enough-8fe4.com
closed.theworkpc.com
time.daytimegamers.com
documents.kankuedu.org
tech.obj.services
www.machinetimeer.com
www.animal777.com
cdn2.twmicrosoft.com
api.geming8888.com
new.mkdjgame.com
themerecord.com
rec.micosoft.ga
static.gpk-demo.com

APT Groups (4)

Earth Lusca (China). Aliases: TAG-22, RedHotel, Fishmonger
Axiom (China). Aliases: Bronze Olive, Axiom, Wicked Panda, APT 22, Group 72, Wicked Spider, Bronze Export, Winnti Group
Wet Panda (China). Aliases: RedChimera, Red Chimera
Tonto Team (China). Aliases: Karma Panda, HartBeat, Earth Akhlut, TAG-74, Tonto Team, Bronze Huntley, CactusPete, HeartBeat, LoneRanger

Campaign Guidance

Remediation, mitigation, notes, history and related intelligence

Reports & References (2)

Observed Countries (2)

AF (52)
PK (350)