Goblin Panda

Threat Actor updated a month ago (2024-11-29T14:44:44.795Z)

Download STIX

Preview STIX

Goblin Panda is a recognized threat actor, known for its malicious activities in the cyber world. Various research organizations have indicated that several Chinese Advanced Persistent Threat (APT) groups such as Growing Taurus (aka Naikon) and Parched Taurus (aka Goblin Panda) have leveraged this threat. Furthermore, a builder linked to this threat, which creates a file named '8.t', is widely used by Chinese APT groups including TA428, Goblin Panda, IceFog, and SongXY. Although not publicly accessible, this builder's usage indicates the extent of Goblin Panda's influence in the cyber threat landscape. In recent developments, ESET researchers detected a MirrorFace spearphishing campaign targeting political entities in Japan. They also noted a shift in the target interests of some China-aligned groups, with Goblin Panda beginning to mirror Mustang Panda’s focus on European countries. This evolution signifies a broadening of Goblin Panda's geographical scope and an increase in its threat potential. The software deployed by Goblin Panda includes Cobalt Strike, Quasar RAT, HDoor (a backdoor previously used by Chinese groups like Naikon and Goblin Panda), a Gh0st RAT variant known as Gh0stCringe, and Winnti - a multi-functional implant capable of granting remote control to an infected machine. These tools further demonstrate the sophistication and capabilities of Goblin Panda, highlighting the need for robust cybersecurity measures to counteract its threats.

Description last updated: 2023-11-29T01:27:40.686Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Naikon is a possible alias for Goblin Panda. Naikon is a threat actor, or group, known for its execution of actions with malicious intent. It is associated with various Advanced Persistent Threat (APT) groups originating from China, such as Growing Taurus and Parched Taurus, also known as Goblin Panda. Naikon has been linked to PLA Unit 78020/	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Apt

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Goblin Panda Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
Unit42	a year ago	Persistent Attempts at Cyberespionage Against Southeast Asian Government Target Have Links to Alloy Taurus
MITRE	2 years ago	COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group
ESET	2 years ago	ESET APT Activity Report T3 2022 \| WeLiveSecurity