| ID | Votes | Profile Description |
|---|---|---|
| Budworm | 1 | Budworm, also known as LuckyMouse or APT 27, is a threat actor that has been associated with various high-profile cyber attacks. This group has been found to utilize tools such as the Korplug backdoor, which is commonly used by multiple Advanced Persistent Threats (APTs) including Budworm and APT41, |
| APT27 | 1 | APT27, also known as Iron Taurus, is a Chinese threat actor group that primarily engages in cyber operations with the goal of intellectual property theft. The group targets multiple organizations worldwide, including those in North and South America, Europe, and the Middle East. APT27 utilizes vario |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Emissary | Unspecified | 1 | Emissary is a malicious software (malware) known for its damaging and exploitative characteristics. The malware operates as a Trojan, named Emissary, that infiltrates systems through suspicious downloads, emails, or websites without the user's knowledge. Once inside a system, it can disrupt operatio |
| Cobalt Strike Beacon | Unspecified | 1 | Cobalt Strike Beacon is a type of malware known for its harmful capabilities, including stealing personal information, disrupting operations, and potentially holding data hostage for ransom. The malware has been loaded by HUI Loader through various files such as mpc.tmp, dlp.ini, vmtools.ini, and an |
| Chargeweapon | Unspecified | 1 | ChargeWeapon is a malicious software (malware) that exploits compromised web servers to gain unauthorized access and gather sensitive data from infected systems. The malware was first identified on the Cobra DocGuard web server, where it was deployed as a previously unknown Go-based backdoor. This b |
| Korplug | Unspecified | 1 | Korplug, also known as PlugX, is a type of malware developed and utilized by the China-aligned Advanced Persistent Threat (APT) group, Mustang Panda. This malicious software is designed to infiltrate computer systems without detection, often through suspicious downloads, emails, or websites. Once in |
| PlugX | Unspecified | 1 | PlugX is a notorious malware, typically associated with Chinese threat actors, that has been used in various cyberattacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. It |
| ShadowPad | Unspecified | 1 | ShadowPad is a modular backdoor malware that has been utilized by several Chinese threat groups since at least 2017. Notably, it was used as the payload in supply chain attacks targeting South Asian governments, as reported in the VB2023 paper. ShadowPad provides near-administrative capabilities in |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Emissary Panda | Unspecified | 1 | Emissary Panda, also known as Iron Tiger, APT27, Budworm, Bronze Union, Lucky Mouse, and Red Phoenix, is a threat actor group associated with malicious cyber activities. The group has been active since at least 2013, targeting various industry verticals across Europe, North and South America, Africa |
| Iron Tiger | Unspecified | 1 | Iron Tiger, also known as Iron Taurus or APT27, is a threat actor group known for executing malicious actions with the intent of espionage. The group became prominent after its involvement in Operation Iron Tiger, which was reported in 2015. This operation was a series of Chinese cyber-espionage att |
| BRONZE UNION | Unspecified | 1 | Bronze Union, also known as APT27, Emissary Panda, Lucky Mouse, Iron Tiger, and Red Phoenix, is a threat actor with alleged connections to the Chinese government. The group has been observed targeting organizations across Europe, North and South America, Africa, the Middle East, and the Asia-Pacific |
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Korplug Plugx | Unspecified | 1 | None |
| Source | CreatedAt | Title |
|---|---|---|
| CERT-EU | 10 months ago | Chinese Hackers Attacking Semiconductor Industries using Cobalt Strike beacon |
| CERT-EU | 10 months ago | L’hebdo cybersécurité (8 octobre 2023) • Cybersécurité |
| CERT-EU | 10 months ago | China-based spies are hacking East Asian semiconductor companies, report says | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting |
| CERT-EU | 10 months ago | Semiconductor firms targeted by Chinese hackers |
| CERT-EU | 10 months ago | Cyber Security Week in Review: October 6, 2023 |
| CERT-EU | 10 months ago | China-linked cyberspies backdoor semiconductor firms with Cobalt Strike |
| CERT-EU | 10 months ago | Chinese State-Sponsored Cyber Espionage Activity Targeting Semiconductor Industry in East Asia |
| MITRE | a year ago | Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware |
| MITRE | a year ago | Emissary Panda Attacks Middle East Government SharePoint Servers |
| MITRE | a year ago | LuckyMouse hits national data center to organize country-level waterholing campaign |
| MITRE | a year ago | Chinese Hackers Carried Out Country-Level Watering Hole Attack |
| CISA | a year ago | Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization | CISA |
| CISA | a year ago | MAR-10365227-2.v1 HyperBro | CISA |
| CISA | a year ago | Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization | CISA |
| Trend Micro | a year ago | Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting |
| CERT-EU | a year ago | Space Pirates: analyzing the tools and connections of a new hacker group |