ID | Votes | Profile Description |
---|---|---|
PlugX | 9 | PlugX is a notorious malware, typically associated with Chinese threat actors, that has been used in various cyberattacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. It |
BISCUIT | 1 | "Biscuit" is a sophisticated malware variant that was notably used in an attack campaign titled "Operation Bitter Biscuit". This operation was first reported by AhnLab in October 2017, targeting entities in South Korea, Japan, India, and Russia. The offensive made use of the Bisonal remote access tr |
Ta428 | 1 | TA428 is a sophisticated malware toolkit associated with several cyber threat groups, including Bronze Union (also known as LuckyMouse or APT27) and BackdoorDiplomacy. The TA428 toolkit includes various malicious software like Albaniiutas (RemShell), which is specifically mentioned in an ESET report |
ID | Type | Votes | Profile Description |
---|---|---|---|
Poisonplug | Unspecified | 2 | None |
HyperBro | Unspecified | 1 | HyperBro is a malicious software (malware) that has been utilized in a sophisticated cyber espionage campaign targeting semiconductor industries primarily in Taiwan, Hong Kong, and Singapore. This malware was discovered being used in conjunction with a lure purporting to be from the Taiwan Semicondu |
ZxShell | Unspecified | 1 | ZXShell is a malicious software (malware) that has been used by various cyber threat actors to exploit and damage computer systems. It is known to be associated with other malware such as PANDORA, SOGU, GHOST, WIDEBERTH, QUICKPULSE, FLOWERPOT, QIAC, Gh0st, Poison Ivy, BEACON, HOMEUNIX, STEW, among o |
Nebulae | Unspecified | 1 | None |
Bisonal | Unspecified | 1 | Bisonal is a multifunctional malware that has been in use for over a decade by the Tonto Team, a Chinese government-aligned Advanced Persistent Threat (APT) group. This malicious software is known for its extensive capabilities including process and file information harvesting, command and file exec |
KeyBoy | Unspecified | 1 | KeyBoy is a malicious software (malware) primarily linked to the cyber espionage group known as TA413, which has historically targeted Tibetan entities. The malware is designed with an array of functionalities that allow it to infiltrate and exploit computer systems, including screen grabbing, deter |
Axiomaticasymptote | Unspecified | 1 | Axiomaticasymptote is a type of malware, a malicious software designed to infiltrate and damage computer systems without the user's knowledge. It typically operates in conjunction with other malware such as Cobalt Strike, Meterpreter, PlugX, Mythic, Metasploit, XtremeRAT, and CROSSWALK. These harmfu |
Taurus | Unspecified | 1 | Taurus is a malicious software (malware) that has been associated with multiple cyber threat actors, notably Stately Taurus, Iron Taurus, and Starchy Taurus, all of which have connections to Chinese Advanced Persistent Threats (APTs). The malware is designed to infiltrate systems and steal personal |
China Chopper | Unspecified | 1 | China Chopper is a notorious malware that has been widely used by various Advanced Persistent Threat (APT) groups, notably BRONZE UNION. This web shell was found embedded in multiple web shells on SharePoint servers, such as stylecs.aspx, test.aspx, and stylecss.aspx. It is believed to be associated |
Korplug | Unspecified | 1 | Korplug, also known as PlugX, is a type of malware developed and utilized by the China-aligned Advanced Persistent Threat (APT) group, Mustang Panda. This malicious software is designed to infiltrate computer systems without detection, often through suspicious downloads, emails, or websites. Once in |
Stately Taurus | Unspecified | 1 | Stately Taurus, also known as Mustang Panda, Bronze President, Red Delta, LuminousMoth, Earth Preta, and Camaro Dragon, is a potent malware linked to Chinese Advanced Persistent Threat (APT) activities. The first signs of its operation date back to at least 2012, with notable activity traced to Marc |
ID | Type | Votes | Profile Description |
---|---|---|---|
Winnti | Unspecified | 7 | Winnti is a sophisticated threat actor group, first identified by Kaspersky in 2013, with activities dating back to at least 2007. The group has been associated with the Chinese nation-state and is part of a collective known as APT41, which also includes subgroups like Wicked Panda, Suckfly, and Bar |
Redfly | Unspecified | 5 | RedFly, a threat actor group known for its malicious activities, has emerged as a significant cybersecurity concern. The group's operations are characterized by their strategic execution and targeted focus, often resulting in substantial security breaches. Threat actors like RedFly pose a significan |
APT41 | Unspecified | 5 | APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a sophisticated threat actor attributed to China. This group has been active since at least 2012, targeting organizations across 14 countries. The group is known for its extensive use of various code families and tools, with at least 4 |
Winnti Group | Unspecified | 2 | The Winnti Group, a collective of Chinese Advanced Persistent Threat (APT) groups including APT41, first gained notoriety for its attacks on computer game developers. The group was initially spotted by Kaspersky in 2013, but researchers suggest that this nation-state actor has been active since at l |
Redhotel | Unspecified | 2 | RedHotel, also known as Aquatic Panda, ControlX, and Bronze University, is a threat actor linked to Chinese state-sponsored cyber groups. It is part of a sophisticated network of espionage operations including RedAlpha, Poison Carp, and i-SOON, which are primarily involved in the theft of telecommun |
Lancefly | Unspecified | 2 | Lancefly, a threat actor potentially associated with China, has been identified as the group behind an ongoing cyberespionage campaign targeting organizations in South and Southeast Asia. The targets include government bodies, aviation companies, educational institutions, and telecommunication secto |
I-Soon | Unspecified | 2 | i-SOON, a threat actor believed to be operating out of China, has come into the limelight due to a significant data leak. The leaked documents provide an inside view of i-SOON's operations, revealing its role in executing cyberespionage campaigns on behalf of various Chinese government agencies. Thi |
Earth Lusca | Unspecified | 2 | Earth Lusca, a threat actor known for its malicious activities in the cyber world, has recently expanded its arsenal with the addition of a new tool, SprySOCKS Linux malware. This development was reported by Security Affairs in October 2020. Earth Lusca can be an individual, a private company, or pa |
Bronze University | Unspecified | 2 | Bronze University, also known as Aquatic Panda, ControlX, RedHotel, and Earth Lusca, is a threat actor group believed to be a Chinese state-sponsored hacking operation. The group has been active since 2021, targeting government, aerospace, education, telecommunications, media, and research organizat |
Operation Bitter Biscuit | Unspecified | 1 | Operation Bitter Biscuit, as reported by AhnLab, was a malicious campaign executed by a threat actor known as the Tonto Team. This operation targeted entities in South Korea, Japan, India, and Russia, with the initial report being published in October 2017. The main tools used in this cyber-attack w |
Barium | Unspecified | 1 | Barium, also known as BRONZE ATLAS and part of the APT41 collective, is a China-linked cyberespionage group that has been active since at least 2007. It is associated with several other subgroups, including Wicked Panda, Winnti, Suckfly, and Blackfly. This threat actor has been responsible for vario |
Bronze Atlas | Unspecified | 1 | Bronze Atlas, also known as APT41, Winnti Group, or HOODOO, is a significant threat actor identified in the cybersecurity industry. The group has been involved in various malicious activities and has been tracked by Secureworks' Counter Threat Unit since at least 2007. According to Marc Burnard, a s |
Volt Typhoon | Unspecified | 1 | Volt Typhoon, a threat actor linked to China, has been identified as a significant cyber threat with strong operational security. Known for their sophisticated Advanced Persistent Threat (APT) activities, this group has been associated with the KV-Botnet and has remained undetected within U.S. infra |
Red Echo | Unspecified | 1 | Red Echo, also known as Redfly, is a subgroup within the larger threat actor group Winnti. This group has been identified as responsible for a series of cyber-attacks with malicious intent, targeting various entities globally. In a recent campaign, Red Echo managed to infiltrate and occupy the netwo |
Mustang Panda | Unspecified | 1 | Mustang Panda, also known as Bronze President, Nomad Panda, Naikon, Earth Preta, and Stately Taurus, is a Chinese-aligned threat actor that has been associated with widespread attacks against various countries in the Asia-Pacific region. The group's malicious activities were first traced back to Mar |
Crosswalk | Unspecified | 1 | Crosswalk, a threat actor in the cybersecurity industry, has been identified as utilizing FakeTLS in its traffic, presenting significant security concerns. This modular backdoor is implemented in shellcode, with the main payload being the Crosswalk backdoor itself. The malicious files associated wit |
Earth Krahang | Unspecified | 1 | Earth Krahang is a threat actor, a term used in cybersecurity to describe an entity responsible for malicious activities. This could be an individual, a private company, or even a government organization. In the world of cybersecurity, unique names are often given to these actors to differentiate th |
Earth Akhlut | Unspecified | 1 | Earth Akhlut is a recognized threat actor, originating from China, known for its malicious activities in the realm of cybersecurity. Since 2019, it has been involved in distributing the Shadowpad malware, a sophisticated tool that has caused significant concern within the cybersecurity community. Th |
Blackfly | Unspecified | 1 | Blackfly is a threat actor, tracked by Symantec, that has been involved in cyber-attacks primarily targeting South Korean companies, especially those in the video game and software development industry. The group initiated its activities with a campaign to steal certificates, which were later utiliz |
BRONZE BUTLER | Unspecified | 1 | Bronze Butler, also known as Tick, is a sophisticated threat actor primarily focusing on cyberespionage against Japanese enterprises. In March 2023, ESET reported an operation by Bronze Butler that compromised the update server of an East Asian Data Loss Prevention (DLP) company, notably serving gov |
BRONZE HUNTLEY | Unspecified | 1 | Bronze Huntley is a recognized threat actor, known for its malicious activities in the cybersecurity domain. The group has been identified as using the ShadowPad DLL loader (secur32.dll), a notorious tool that allows them to inject malicious code into legitimate processes, thus evading detection and |
CactusPete | Unspecified | 1 | CactusPete, also known as Tonto Team, is a Chinese-speaking cyber-espionage group that has been active since at least 2012. Characterized by medium-level technical capabilities, CactusPete has demonstrated a significant development pace, producing more than 20 samples per month. The group primarily |
BITTER | Unspecified | 1 | Bitter, also known as T-APT-17, is a suspected South Asian threat actor that has been involved in various cyber campaigns. The group has been active since at least August 2021, with its operations primarily targeting government personnel in Bangladesh through spear-phishing emails. The similarities |
Tick | Unspecified | 1 | Tick is a threat actor, also known as BRONZE BUTLER, that likely originates from the People's Republic of China. Secureworks® incident responders and Counter Threat Unit™ (CTU) researchers have been investigating activities associated with this group. Tick has deployed various tools and malware fami |
Tonto Team | Unspecified | 1 | Tonto Team is a Chinese government-aligned Advanced Persistent Threat (APT) group, recognized for its malicious cyber activities. The team has been active for over a decade, utilizing various types of malware, notably the Bisonal and ShadowPad backdoors, in campaigns against entities in Japan, Russi |
Wicked Panda | Unspecified | 1 | Wicked Panda, also known as APT41, Double Dragon, and Bronze Atlas, is a state-sponsored threat actor originating from China. Recognized as one of the top cyber threats by the Department of Health and Human Services' Health Sector Cybersecurity Coordination Center, this group has been associated wit |
ID | Type | Votes | Profile Description |
---|---|---|---|
Korplug/plugx | Unspecified | 1 | None |
Winnti/pasteboy | Unspecified | 1 | None |
Source | CreatedAt | Title |
---|---|---|
BankInfoSecurity | a month ago | Researchers Uncover Chinese Hacking Cyberespionage Campaign |
BankInfoSecurity | 4 months ago | iSoon Leak Shows Links to Chinese APT Groups |
DARKReading | 4 months ago | Chinese APT 'Earth Krahang' Compromises 48 Gov't Orgs on 5 Continents |
Trend Micro | 4 months ago | Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks |
CERT-EU | 5 months ago | Anxun and Chinese APT Activity - ReliaQuest |
CERT-EU | 5 months ago | i-SOON Data Leak: Key Points |
Trend Micro | 5 months ago | Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections |
CERT-EU | 5 months ago | A Mysterious Leak Exposed Chinese Hacking Secrets \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
Unit42 | 5 months ago | Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT Campaigns |
CERT-EU | 5 months ago | Leaked documents show how firm supports Chinese hacking operations |
Securelist | 8 months ago | Kaspersky malware report for Q3 2023 |
CERT-EU | 9 months ago | Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers |
CERT-EU | 10 months ago | Virus Bulletin :: Teasing the secrets from threat actors: malware configuration extractors |
CERT-EU | 10 months ago | Multiple Chinese APTs are attacking European targets, EU cyber agency warns \| #ukscams \| #datingscams \| #european \| #datingscams \| #love \| #relationships \| #scams \| #pof \| #match.com \| #dating \| National Cyber Security Consulting |
InfoSecurity-magazine | 10 months ago | Sophisticated APT Clusters Target Southeast Asia |
CERT-EU | 10 months ago | New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government |
Unit42 | 10 months ago | Cyberespionage Attacks Against Southeast Asian Government Linked to Stately Taurus, Aka Mustang Panda |
Unit42 | 10 months ago | Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government |
Unit42 | 10 months ago | Unit 42 Researchers Discover Multiple Espionage Operations Targeting Southeast Asian Government |
CERT-EU | 10 months ago | Hackers Deployed never-before-seen Linux Malware Attacking Government Entities |