Iron Taurus

Malware updated 23 days ago (2024-11-29T13:44:03.369Z)
Download STIX
Preview STIX
Iron Taurus, also known as APT27, is a malware that has been linked to various cyber-espionage activities. This malicious software is designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. Iron Taurus is associated with Chinese nation-state threat actors and has been identified as part of a shared Chinese APT operational infrastructure, used in conjunction with other malwares such as Starchy Taurus (aka Winnti) and Stately Taurus (aka Mustang Panda). One notable operation involving Iron Taurus was Operation Iron Tiger, which was carried out in 2015. This operation was attributed to Iron Taurus according to reports by ERAI and Malpedia. During this operation, the malware was reportedly used to exploit vulnerabilities and gain unauthorized access to targeted systems. This shows the malware's capability to be utilized in large-scale, coordinated cyber attacks. The use of AspxSpy web shells was a significant aspect of Iron Taurus's methodology in Operation Iron Tiger. These web shells, which provide a hacker with remote control over a compromised system, were employed effectively by Iron Taurus. Experts have noted similarities between the AspxSpy web shells used by Iron Taurus and those employed by another malware, Gelsemium, indicating possible shared tactics or collaboration between different threat actors.
Description last updated: 2024-05-23T15:16:26.748Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Iron Tiger is a possible alias for Iron Taurus. Iron Tiger, also known as Iron Taurus or APT27, is a threat actor group believed to be aligned with China. The group has been involved in numerous cyber-espionage campaigns, targeting various entities including United States defense contractors and other international organizations. Their activities
3
APT27 is a possible alias for Iron Taurus. APT27, also known as Emissary Panda or Iron Taurus, is a threat actor suspected to be associated with China and has been involved in cyber operations primarily aimed at intellectual property theft. The group targets organizations globally, including those in North and South America, Europe, and the
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Stately Taurus Malware is associated with Iron Taurus. Stately Taurus, also known as Mustang Panda, Bronze President, Camaro Dragon, Earth Preta, Luminous Moth, and Red Delta, is a sophisticated malware that has been used in cyber-espionage campaigns primarily targeting government entities in Southeast Asia. It is believed to be associated with China's Unspecified
2
The ASPXSpy Malware is associated with Iron Taurus. ASPXSpy is a type of malware, specifically a web shell, that has been used by various threat actors to exploit and damage computer systems. The earliest deployment attempts date back to 2022 when this malicious software was deployed to multiple hosted websites. It's typically installed on vulnerableUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Mustang Panda Threat Actor is associated with Iron Taurus. Mustang Panda, a China-aligned Advanced Persistent Threat (APT) group, has been identified as a significant cyber threat actor involved in a series of malicious activities. Notably, Mustang Panda was found to be associated with the BRONZE PRESIDENT phishing lure, which delivered PlugX and used modifUnspecified
2
Source Document References
Information about the Iron Taurus Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more