ShadowPad

Also known as: POISONPLUG.SHADOW, XShellGhost

Linked Threat Actors

APT17, APT23, APT41, DAGGER PANDA, Earth Lusca, Tonto Team, WET PANDA, Webworm

C2 Infrastructure

Hosting/VPS 100%

Last 7 days

Jun 2, 2026
C2 Hosts: 1

Further Reading

attack.mitre.org
blog-en.itochuci.co.jp
blog.talosintelligence.com
blogs.vmware.com
cdn.securelist.com
cloud.google.com
community.riskiq.com
conference.hitb.org
github.com
go.crowdstrike.com
go.recordedfuture.com
harfanglab.io
hello.global.ntt
hub.dragos.com
hunt.io
i.blackhat.com
ics-cert.kaspersky.com
jsac.jpcert.or.jp
labs.sentinelone.com
medium.com
research.nccgroup.com
rt-solar.ru
securelist.com
speakerdeck.com
st.drweb.com
symantec-enterprise-blogs.security.com
thehackernews.com
therecord.media
unit42.paloaltonetworks.com
vms.drweb.com
crowdstrike.com
elastic.co
f6.ru
ic3.gov
orangecyberdefense.com
ptsecurity.com
pwc.co.uk
recordedfuture.com
reliaquest.com
secureworks.com
sentinelone.com
theregister.com
trendmicro.com
virusbulletin.com
welivesecurity.com
youtube.com