| ID | Votes | Profile Description |
|---|---|---|
| APT27 | 7 | APT27, also known as Iron Taurus, is a Chinese threat actor group that primarily engages in cyber operations with the goal of intellectual property theft. The group targets multiple organizations worldwide, including those in North and South America, Europe, and the Middle East. APT27 utilizes vario |
| SysUpdate | 4 | SysUpdate is a malicious software variant that has been exclusively used by Budworm, also known as APT27, Emissary Panda, Bronze Union, Lucky Mouse, Iron Tiger, and Red Phoenix. In December 2020, a sample of the SysUpdate malware variant was found, with its payload being a new version of SysUpdate. |
| LuckyMouse | 4 | LuckyMouse, also known as Budworm, Emissary Panda, and APT27, is a threat actor that has been involved in several high-profile cyber-espionage activities. The group has demonstrated its ability to develop and deploy advanced cyber tools, targeting various operating systems including MacOS, Linux, an |
| Lucky Mouse | 3 | Lucky Mouse, also known as Emissary Panda, APT27, Threat Group 3390, Bronze Union, and several other names, is a malicious software (malware) attributed to a China-linked Advanced Persistent Threat (APT) group. This malware has been active since at least 2013, targeting various industry verticals fo |
| Cobra Docguard | 2 | Cobra DocGuard, a software produced by Chinese firm EsafeNet for protecting, encrypting, and decrypting software, has been exploited in a series of malware attacks. The attackers compromised the software's update files to deliver malicious updates that infected targeted systems. The first known inst |
| inicore_v2.3.30.dll | 2 | The malware inicore_v2.3.30.dll is a harmful program designed to exploit and damage computer systems, often infiltrating them via suspicious downloads, emails, or websites without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data hostage for |
| Iron Tiger | 2 | Iron Tiger, also known as Iron Taurus or APT27, is a threat actor group known for executing malicious actions with the intent of espionage. The group became prominent after its involvement in Operation Iron Tiger, which was reported in 2015. This operation was a series of Chinese cyber-espionage att |
| BRONZE UNION | 2 | Bronze Union, also known as APT27, Emissary Panda, Lucky Mouse, Iron Tiger, and Red Phoenix, is a threat actor with alleged connections to the Chinese government. The group has been observed targeting organizations across Europe, North and South America, Africa, the Middle East, and the Asia-Pacific |
| Budworm | 2 | Budworm, also known as LuckyMouse or APT 27, is a threat actor that has been associated with various high-profile cyber attacks. This group has been found to utilize tools such as the Korplug backdoor, which is commonly used by multiple Advanced Persistent Threats (APTs) including Budworm and APT41, |
| NICKEL | 1 | Nickel is a notable threat actor, or malicious entity, that has been involved in significant cyber operations. Notably, Nickel targeted government organizations across Latin America and Europe, alongside other nation-state affiliated threat actors such as FIN6 and Emissary Panda. These groups focuse |
| Red Phoenix | 1 | Red Phoenix, also known as Budworm, APT27, Emissary Panda, Bronze Union, Lucky Mouse, and Iron Tiger, is a notorious malware that has been active since at least 2013. It is associated with a Chinese advanced persistent threat (APT) operation, targeting various industry verticals for intelligence gat |
| Emissary | 1 | Emissary is a malicious software (malware) known for its damaging and exploitative characteristics. The malware operates as a Trojan, named Emissary, that infiltrates systems through suspicious downloads, emails, or websites without the user's knowledge. Once inside a system, it can disrupt operatio |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Cobra | Unspecified | 2 | Cobra is a type of malware, short for malicious software, designed to exploit and damage computer systems or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Cobra has the potential to steal personal information, disrup |
| China Chopper | Unspecified | 1 | China Chopper is a notorious malware that has been widely used by various Advanced Persistent Threat (APT) groups, notably BRONZE UNION. This web shell was found embedded in multiple web shells on SharePoint servers, such as stylecs.aspx, test.aspx, and stylecss.aspx. It is believed to be associated |
| HyperBro | Unspecified | 1 | HyperBro is a malicious software (malware) that has been utilized in a sophisticated cyber espionage campaign targeting semiconductor industries primarily in Taiwan, Hong Kong, and Singapore. This malware was discovered being used in conjunction with a lure purporting to be from the Taiwan Semicondu |
| Korplug | Unspecified | 1 | Korplug, also known as PlugX, is a type of malware developed and utilized by the China-aligned Advanced Persistent Threat (APT) group, Mustang Panda. This malicious software is designed to infiltrate computer systems without detection, often through suspicious downloads, emails, or websites. Once in |
| Antak | Unspecified | 1 | Antak is a type of malware, specifically a webshell, that has been detected on SharePoint servers. The Antak webshell, as depicted in Figure 2, was loaded onto the server and used to upload additional tools for post-exploitation. In addition to Antak, several other webshells were also installed on t |
| python33.dll | Unspecified | 1 | Python33.dll is a harmful malware that can infiltrate your system through various channels, including suspicious downloads, emails, or websites. Once inside, it can steal personal information, disrupt operations, or even hold your data hostage for ransom. This malicious software has been observed be |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| FIN6 | Unspecified | 1 | FIN6, also known as ITG08, Skelaton Spider, and MageCart, is a notorious threat actor that has been implicated in various cybercrime activities. The group gained notoriety for stealing credit cards through point-of-sale (POS) systems in retail and hospitality establishments, most notably in the Home |
| APT41 | Unspecified | 1 | APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a sophisticated threat actor attributed to China. This group has been active since at least 2012, targeting organizations across 14 countries. The group is known for its extensive use of various code families and tools, with at least 4 |
| Wicked Panda | Unspecified | 1 | Wicked Panda, also known as APT41, Double Dragon, and Bronze Atlas, is a state-sponsored threat actor originating from China. Recognized as one of the top cyber threats by the Department of Health and Human Services' Health Sector Cybersecurity Coordination Center, this group has been associated wit |
| GALLIUM | Unspecified | 1 | Gallium, also known as Alloy Taurus, is a China-aligned threat actor known for executing actions with malicious intent in the cyber domain. In recent years, Gallium has been associated with various significant cyber-espionage campaigns. The group targeted telecommunication entities in the Middle Eas |
| APT10 | Unspecified | 1 | APT10, also known as the Menupass Team, is a threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). The group has been active since 2009 and is suspected to be based in Tianjin, China, according to research by IntrusionTruth in 2018. APT10 has primarily targeted |
| POTASSIUM | Unspecified | 1 | Potassium, also known as APT10, CVNX, Stone Panda, MenuPass, and POTASSIUM, is a threat actor that has been linked to multiple cyberattacks. This entity is believed to be operating out of China, with Zhu Hua and Zhang Shilong identified as key players within the group. They are reportedly associated |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2019-0604 | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| DARKReading | 2 months ago | Chinese Threat Clusters Triple-Team High-Profile Asian Government Org |
| CERT-EU | 9 months ago | Domain of Thrones: Part I |
| CERT-EU | 10 months ago | Multiple Chinese APTs are attacking European targets, EU cyber agency warns | #ukscams | #datingscams | #european | #datingscams | #love | #relationships | #scams | #pof | #match.com | #dating | National Cyber Security Consulting |
| CERT-EU | 10 months ago | Budworm: APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms Org - Cyber Security Review |
| CERT-EU | 10 months ago | DDoS attack hits Russian flight booking system claimed by Ukrainian hackers |
| CERT-EU | 10 months ago | Asian government, telco targeted by Chinese APT |
| CERT-EU | 10 months ago | Cyber Security Week in Review: September 29, 2023 |
| InfoSecurity-magazine | 10 months ago | Budworm APT Evolves Toolset, Targets Telecoms and Government |
| CERT-EU | 10 months ago | China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies |
| CERT-EU | 10 months ago | Budworm hackers target telcos and govt orgs with custom malware |
| BankInfoSecurity | a year ago | Threat Actor Targets Hong Kong With Korplug Backdoor |
| Securityaffairs | a year ago | Carderbee APT targets Hong Kong orgs via supply chain attacks |
| CERT-EU | a year ago | Previously unknown hacking group targets Hong Kong organizations in supply chain cyberattack |
| Checkpoint | a year ago | 6th March – Threat Intelligence Report - Check Point Research |
| CERT-EU | a year ago | Operation Soft Cell: Chinese Hackers Breach Middle East Telecom Providers |
| MITRE | a year ago | Exchange servers under siege from at least 10 APT groups | WeLiveSecurity |
| MITRE | a year ago | Emissary Panda – A potential new malicious tool |
| MITRE | a year ago | Emissary Panda Attacks Middle East Government SharePoint Servers |
| MITRE | a year ago | Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes” |
| DARKReading | a year ago | Linux Support Expands Cyber Spy Group's Arsenal |