| ID | Votes | Profile Description |
|---|---|---|
| NICKEL | 3 | Nickel is a notable threat actor, or malicious entity, that has been involved in significant cyber operations. Notably, Nickel targeted government organizations across Latin America and Europe, alongside other nation-state affiliated threat actors such as FIN6 and Emissary Panda. These groups focuse |
| Vixen Panda | 2 | Vixen Panda, also known as APT15, Flea, KE3CHANG, Nickel, Playful Dragon, Royal APT, and BackdoorDiplomacy, among other names, is a significant threat actor believed to be sponsored by the Chinese government. The group has been operational since at least 2004, targeting government entities, diplomat |
| Ke3chang | 2 | Ke3chang, also known as APT15, Mirage, Vixen Panda GREF, and Playful Dragon, is a prominent threat actor that has been active since at least 2010. According to the European Union Agency for Cybersecurity (ENISA), this group has consistently targeted energy, government, and military sectors. Ke3chang |
| Playful Dragon | 2 | Playful Dragon, also known as APT15, Ke3chang, Mirage, Vixen Panda, GREF, Flea, Nickel, and Royal APT, is a notable threat actor in the cybersecurity sphere. This group has been identified by cybersecurity professionals as being behind numerous malicious activities with a history of targeting govern |
| GREF | 2 | GREF, a China-aligned Advanced Persistent Threat (APT) group, has been identified as the orchestrator of two active Android malware campaigns. The campaigns have been distributing a malicious software called BadBazaar via two applications, Signal Plus Messenger and FlyGram, through the Google Play s |
| MirageFox | 1 | MirageFox is a sophisticated malware, believed to be an updated version of the Remote Access Trojan (RAT) known as Mirage, which originated in 2012. The malware has been attributed with high confidence to Advanced Persistent Threat group 15 (APT15), due to code and other similarities found in the Mi |
| Flea | 1 | Flea, also known as APT15 or Nickel, is a China-linked threat actor primarily targeting foreign affairs ministries in Central and South American countries. The group's latest campaign utilizes a novel backdoor named "Graphican," which is an evolution of their custom backdoor Ketrican. This new backd |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Badbazaar | Unspecified | 2 | BadBazaar is a malicious software (malware) developed by EvilBamboo, a hacker group that primarily targets the Uyghur community in China and abroad, including Turkey and Afghanistan. This malware, along with two others named BADSIGNAL and BADSOLAR, is designed to exploit Android devices through dece |
| Signal Plus Messenger | Unspecified | 2 | Signal Plus Messenger and FlyGram are malware variants of a sophisticated espionage tool named BadBazaar, believed to be orchestrated by a China-linked threat actor known as Gref. These malicious applications were distributed through the Google Play store, Samsung Galaxy Store, and specific websites |
| Ketrican | Unspecified | 2 | Ketrican is a type of malware, or malicious software, that was developed to exploit and damage computer systems. It's associated with the Ke3chang group and is known for its ability to infiltrate systems through suspicious downloads, emails, or websites. Once inside a system, Ketrican can steal pers |
| graphican | Unspecified | 2 | Graphican is a novel malware developed by the Chinese threat actor group known as Flea, APT15, or Nickel. The malware, an evolution of the group's custom backdoor Ketrican, has been used in a series of cyber-attacks against foreign affairs ministries across Central and South America between late 202 |
| PingPull | Unspecified | 1 | PingPull is a malicious software (malware) developed by the Chinese nation-state group known as Alloy Taurus, also referred to as Gallium. The malware is designed to exploit and damage computer systems, with capabilities such as stealing personal information, disrupting operations, or holding data h |
| BS2005 | Unspecified | 1 | BS2005 is a malicious software (malware) traditionally used by a cybercriminal group for harmful activities. The malware infiltrates systems via suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. BS2005, known as a backd |
| Flygram | has used | 1 | FlyGram is a malicious software (malware) that first appeared on Google Play in July 2020 and was removed in January 2021. It was designed to exploit and damage users' devices by stealing sensitive data, including basic device information, contact lists, call logs, and Google Account data. The malwa |
| Taurus | Unspecified | 1 | Taurus is a malicious software (malware) that has been associated with multiple cyber threat actors, notably Stately Taurus, Iron Taurus, and Starchy Taurus, all of which have connections to Chinese Advanced Persistent Threats (APTs). The malware is designed to infiltrate systems and steal personal |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Kechang | Unspecified | 1 | None |
| Noisemaker | Unspecified | 1 | None |
| LuckyMouse | Unspecified | 1 | LuckyMouse, also known as Budworm, Emissary Panda, and APT27, is a threat actor that has been involved in several high-profile cyber-espionage activities. The group has demonstrated its ability to develop and deploy advanced cyber tools, targeting various operating systems including MacOS, Linux, an |
| GALLIUM | Unspecified | 1 | Gallium, also known as Alloy Taurus, is a China-aligned threat actor known for executing actions with malicious intent in the cyber domain. In recent years, Gallium has been associated with various significant cyber-espionage campaigns. The group targeted telecommunication entities in the Middle Eas |
| Apt25 | Unspecified | 1 | APT25, also known as Uncool, Vixen Panda, Ke3chang, Sushi Roll, and Tor, is a threat actor suspected to be attributed to China. This group has targeted sectors such as defense industrial base, media, financial services, and transportation in the U.S. and Europe. They are associated with several type |
| RoyalAPT | Unspecified | 1 | None |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2020-1472 | Unspecified | 2 | CVE-2020-1472, also known as the ZeroLogon vulnerability, is a critical-severity privilege escalation flaw in Microsoft's Netlogon Remote Protocol. It was patched by Microsoft on August 11, 2020. This vulnerability allows attackers to gain administrative access to a Windows domain controller without |
| Vixen Panda Gref | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| DARKReading | 3 months ago | Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft |
| CERT-EU | 10 months ago | Multiple Chinese APTs are attacking European targets, EU cyber agency warns | #ukscams | #datingscams | #european | #datingscams | #love | #relationships | #scams | #pof | #match.com | #dating | National Cyber Security Consulting |
| CERT-EU | 10 months ago | My Tea's not cold : an overview of China's cyber threat – Global Security Mag Online |
| CERT-EU | a year ago | BadBazaar: Chinese Spyware Shams Signal, Telegram Apps |
| DARKReading | a year ago | Chinese Group Spreads Android Spyware Via Trojan Signal, Telegram Apps |
| CERT-EU | a year ago | ‘Earth Estries’ Cyberespionage Group Targets Government, Tech Sectors |
| CERT-EU | a year ago | BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps |
| CERT-EU | a year ago | Industrial Organizations in Eastern Europe Targeted by Chinese Cyberspies |
| CERT-EU | a year ago | Novel Graphican backdoor leveraged in Chinese APT attacks against foreign ministries |
| CERT-EU | a year ago | Cyber security week in review: June 23, 2023 |
| CERT-EU | a year ago | China-Linked APT15 Targets Foreign Ministries With ‘Graphican’ Backdoor |
| CERT-EU | a year ago | China-sponsored APT group targets government ministries in the Americas |
| CERT-EU | a year ago | Graphican: Flea uses new backdoor in attacks targeting Foreign Ministries – Cyber Security Review |
| DARKReading | a year ago | 20-Year-Old Chinese APT15 Finds New Life in Foreign Ministry Attacks |
| CERT-EU | a year ago | Chinese Hackers APT15 Use New Backdoor Malware to Target American Ministries |
| CERT-EU | a year ago | China-Linked 'Flea' Hacking Group Tied to Cyberattacks on Foreign Ministries | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting |
| MITRE | a year ago | NICKEL targeting government organizations across Latin America and Europe - Microsoft Security Blog |
| MITRE | a year ago | MirageFox: APT15 Resurfaces With New Tools Based On Old Ones - Intezer |
| MITRE | a year ago | APT15 is Alive and Strong: An Analysis of RoyalCli and RoyalDNS |
| MITRE | a year ago | Advanced Persistent Threats (APTs) | Threat Actors & Groups |