Goblin Panda

Threat Actor Profile Updated a month ago
Goblin Panda is a recognized threat actor, known for its malicious activities in the cyber world. Various research organizations have indicated that several Chinese Advanced Persistent Threat (APT) groups such as Growing Taurus (aka Naikon) and Parched Taurus (aka Goblin Panda) have leveraged this threat. Furthermore, a builder linked to this threat, which creates a file named '8.t', is widely used by Chinese APT groups including TA428, Goblin Panda, IceFog, and SongXY. Although not publicly accessible, this builder's usage indicates the extent of Goblin Panda's influence in the cyber threat landscape.

In recent developments, ESET researchers detected a MirrorFace spearphishing campaign targeting political entities in Japan. They also noted a shift in the target interests of some China-aligned groups, with Goblin Panda beginning to mirror Mustang Panda’s focus on European countries. This evolution signifies a broadening of Goblin Panda's geographical scope and an increase in its threat potential.

The software deployed by Goblin Panda includes Cobalt Strike, Quasar RAT, HDoor (a backdoor previously used by Chinese groups like Naikon and Goblin Panda), a Gh0st RAT variant known as Gh0stCringe, and Winnti, a multi-functional implant capable of granting remote control to an infected machine. These tools further demonstrate the sophistication and capabilities of Goblin Panda, highlighting the need for robust cybersecurity measures to counteract its threats.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Naikon | 2 | Naikon is a recognized threat actor, essentially a group or entity responsible for executing actions with malicious intent. Various research organizations have reported that this Chinese Advanced Persistent Threat (APT) group has been used by multiple other groups such as Growing Taurus and Parched
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
APT
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Goblin Panda Threat Actor was read from the documents corpus below.
Source | Created At | Title
MITRE | a year ago | COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group
CERT-EU | 8 months ago | New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
ESET | a year ago | ESET APT Activity Report T3 2022 | WeLiveSecurity
Unit42 | 8 months ago | Persistent Attempts at Cyberespionage Against Southeast Asian Government Target Have Links to Alloy Taurus