Numbered Panda

Threat Actor Profile Updated 2 months ago
Download STIX
Preview STIX
Numbered Panda, also known by several other names such as DYNCALC, IXESHE, JOY RAT, and APT-12, is a threat actor based in China. This entity is notorious for executing actions with malicious intent, targeting a wide range of victims including media outlets, high-tech companies, and various government organizations. The group has been involved in numerous high-profile cyber attacks, demonstrating its ability to penetrate complex security systems and exploit sensitive data. This week, we have identified several indicators associated with Numbered Panda's activities. Among the most notable are the alerts pertaining to three variants of the Joy RAT malware. These alerts were triggered by specific content patterns in TCP traffic from client networks to external networks, suggesting active or attempted intrusions. In addition, it was observed that Numbered Panda often uses blogs or WordPress in their command-and-control (C2) infrastructure, a strategy that helps camouflage their network traffic and make it appear more legitimate. Historically, Numbered Panda has targeted organizations involved in time-sensitive operations, filling intelligence gaps in critical situations. For instance, during the Fukushima Reactor Incident of 2011, the group likely sought to gather information about ground cleanup and mitigation operations. Given their past activities and ongoing threats, it is crucial to remain vigilant and ensure robust cybersecurity measures are in place to counteract potential attacks from this adversary.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
DynCalc
1
None
Ixeshe
1
None
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Crowdstrike
Wordpress
Rat
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Numbered Panda Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
Read Featured Article "Whois Numbered Panda" by Adam Meyers