Threat Analysis: Active C2 Discovery Using Protocol Emulation Part3 (ShadowPad)

ShadowPad is a modular malware platform privately shared with multiple PRC-linked threat actors since 2015. According to SentinelOne, ShadowPad is highly likely the successor to PlugX. Due to its prevalence in the cyber espionage field, the VMware Threat Analysis Unit (TAU) was motivated to analyze the command and control (C2) protocol to discover active ShadowPad … The post Threat Analysis: Active C2 Discovery Using Protocol Emulation Part3 (ShadowPad) appeared first on VMware. More info: https://blogs.vmware.com/security/2022/10/threat-analysis-active-c2-discovery-using-protocol-emulation-part3-shadowpad.html?utm_source=rss&utm_medium=rss&utm_campaign=threat-analysis-active-c2-discovery-using-protocol-emulation-part3-shadowpad

K30671731: Apache Shiro vulnerability CVE-2022-40664

Security Advisory Description: Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via ... More info: https://support.f5.com/csp/article/K30671731?utm_source=f5support&utm_medium=RSS