Tracking ShadowPad Infrastructure Via Non-Standard Certificates [Monday, February 12, 2024]

Description :
This post will examine ShadowPad infrastructure linked to a yet-to-be-identified threat actor. What makes this activity different is a slight change in the HTTP response headers and the use of a certificate that attempts to spoof the American technology company Dell. Within this group of IPs, there are additional subsets of activity utilizing different port configurations and some interesting domains, discussed later in this article.

Published : 2024-02-12 11:11:49
Created : 2024-02-12 11:11:49
Modified : 2024-02-12 11:57:40

Tags

Indicators

IPv4s :
Malwares :
  • ShadowPad
MITRE ATT&CK Techniques :

External References

About the author
Julien B.
