Icefog
Icefog is a threat actor referenced in the provided content as one of multiple groups known to have used or shared ShadowPad infrastructure or tooling. The content also notes "a resurgence in an attack by the Icefog group in 2019" in relation to Quarian. No additional high-confidence details on targeting, tactics, techniques, geography, or attribution are directly provided in the supplied material. Known alias in the content: icefog.
Associated malware families
2 malware families attributed to this actor across reporting.
Observables
1 indicator attributed to this actor: domains, IPs, hashes, and other artifacts pulled from reporting.
Recent activity
2 sources tracked across advisories, community write-ups, and news.
Referenced as one of several threat actors known to use ShadowPad.
Referenced as having used Quarian in a 2019 resurgence; the 2020 Quarian activity is discussed separately and attributed to CloudComputating, not explicitly to Icefog.