Matheo93

## shadow_revolt_iocs.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                Matheo93
                / shadow_revolt_iocs.md
            
            
              Created
              April 22, 2026 16:08
            
              
                SHADOW REVOLT LOADER / @landak_kuning — WordPress webshell campaign IoCs (Apr 2026)
              
          
    SHADOW REVOLT LOADER / @landak_kuning — Campaign IoCs

Discovery date: 2026-04-22

Affected site: brefservice.fr (WordPress + Divi theme 4.20.4)

First webshell deposit: 2025-09-08 (backdoor present for 7+ months undetected)
Campaign signatures


Name: SHADOW REVOLT LOADER
Author handle: @landak_kuning (Indonesian/Korean threat actor)