Stately Taurus

Malware Profile Updated a month ago
Stately Taurus, also known as Mustang Panda, Bronze President, Red Delta, LuminousMoth, Earth Preta, and Camaro Dragon, is a potent malware linked to Chinese Advanced Persistent Threat (APT) activities. The first signs of its operation date back to at least 2012, with notable activity traced to March 2022 when the "Nupakage" data exfiltration tool was deployed to victim government networks.

This malware has been associated with cyberespionage attacks against various entities worldwide, including the Philippines government and the Myanmar Military Junta. Moreover, it leveraged events such as the ASEAN-Australia Special Summit for its operations. The threat actor behind Stately Taurus uses an undocumented variant of the ToneShell backdoor, previously reported by Trend Micro. This malware has been identified in campaigns attributed to China-aligned actors like Space Pirates in Operation Iron Tiger and Operation Exorcist, targeting the Catholic Church. These operations share overlapping infrastructure with APT groups like Mustang Panda, indicating a shared operational base exclusively used by Chinese nation-state threat actors, including Iron Taurus (aka APT27), Starchy Taurus (aka Winnti), and Stately Taurus itself.

Detection and prevention of Stately Taurus have been made possible through advanced threat detection engines like WildFire and Prisma Cloud Defender. WildFire, a cloud-based threat detection engine, classifies Stately Taurus malware samples as malicious, while Prisma Cloud Defender agents with WildFire integration can detect and prevent malicious execution of these samples on Windows-based VM, container, and serverless cloud infrastructure.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Mustang Panda | 5 | Mustang Panda, also known as Bronze President, Nomad Panda, Naikon, Earth Preta, and Stately Taurus, is a Chinese-aligned threat actor that has been associated with widespread attacks against various countries in the Asia-Pacific region. The group's malicious activities were first traced back to Mar
Camaro Dragon | 4 | Camaro Dragon, a Chinese state-sponsored threat actor, has been identified as the source of several cyber attacks on European foreign affairs entities. Checkpoint Research has discovered and analyzed a custom firmware image affiliated with Camaro Dragon, which contained multiple malicious components
Gelsemium | 2 | Gelsemium is a sophisticated malware associated with Advanced Persistent Threat (APT) activities. It is known for its stealthy operations and the use of server-side exploits to deploy a web shell and multiple custom tools on targeted systems. The malware has been used in cyber-attacks against variou
Taurus | 2 | Taurus is a malicious software (malware) that has been associated with multiple cyber threat actors, notably Stately Taurus, Iron Taurus, and Starchy Taurus, all of which have connections to Chinese Advanced Persistent Threats (APTs). The malware is designed to infiltrate systems and steal personal
Alloy Taurus | 2 | Alloy Taurus, a threat actor group, has been identified as a significant cybersecurity concern due to its persistent attempts at cyberespionage, primarily targeting the government sector in Southeast Asia. The activity of this group was first observed in early 2022 and continued throughout 2023, dur
Granite Typhoon | 1 | Granite Typhoon is a notable malware that has been implicated in several cyber-attacks on various organizations and entities. The malware, which operates by infiltrating systems through suspicious downloads, emails, or websites, has been linked to attacks on telecommunications firms in 2023, an oper
Earth Preta | 1 | Earth Preta, also known as Mustang Panda, Bronze President, TA416, RedDelta, and Stately Taurus, is a prominent threat actor group that has been operational since at least 2012. The group has been highly active in Europe and Asia, employing a variety of tools and malware for their malicious activiti
Winnti | 1 | Winnti, a threat actor or group also known as Starchy Taurus and APT41, has been active since at least 2007, first identified by Kaspersky in 2013. This Chinese state-sponsored entity is renowned for its ability to target supply chains of legitimate software to disseminate malware. The group is link
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Government
Apt
Malware
Backdoor
Chinese
Phishing
State Sponso...
China
Associated Malware
ID | Type | Votes | Profile Description
Raspberry Robin | Unspecified | 2 | Raspberry Robin is a sophisticated malware that has been designed to exploit and damage computer systems. This malicious software infiltrates the system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once embedded, Raspberry Robin can steal personal information, di
Iron Taurus | Unspecified | 2 | Iron Taurus, also known as APT27, is a malware that has been linked to various cyber-espionage activities. This malicious software is designed to infiltrate systems surreptitiously through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operatio
ShadowPad | Unspecified | 1 | ShadowPad is a modular backdoor malware that has been utilized by several Chinese threat groups since at least 2017. Notably, it was used as the payload in supply chain attacks targeting South Asian governments, as reported in the VB2023 paper. ShadowPad provides near-administrative capabilities in
Doplugs | Unspecified | 1 | DOPLUGS is a variant of the PlugX malware, developed and deployed by the China-linked Advanced Persistent Threat (APT) group Mustang Panda. Active since 2022, this unique malware has been used in targeted campaigns against various Asian countries including Taiwan, Vietnam, India, Japan, and China. U
PlugX | Unspecified | 1 | PlugX is a notorious malware, typically associated with Chinese threat actors, that has been used in various cyberattacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. It
Associated Threat Actors
ID | Type | Votes | Profile Description
Aqua Blizzard | Unspecified | 2 | Aqua Blizzard, previously known as ACTINIUM, is a significant threat actor originating from Russia. Recently, Microsoft revamped its naming convention for threat groups, transitioning from all-cap names based on atomic elements to a two-name scheme inspired by storm terminology. Aqua Blizzard has be
APT27 | Unspecified | 2 | APT27, also known as Iron Taurus, is a Chinese threat actor group that primarily engages in cyber operations with the goal of intellectual property theft. The group targets multiple organizations worldwide, including those in North and South America, Europe, and the Middle East. APT27 utilizes vario
Gamaredon | Unspecified | 2 | Gamaredon, a Russian Advanced Persistent Threat (APT) group, has been actively tracked since 2013 and is recognized as a significant threat actor in the cybersecurity landscape. Its primary target is Ukraine, against which it deploys an array of home-brewed malware through malicious documents. The E
Iron Tiger | Unspecified | 1 | Iron Tiger, also known as Iron Taurus or APT27, is a threat actor group known for executing malicious actions with the intent of espionage. The group became prominent after its involvement in Operation Iron Tiger, which was reported in 2015. This operation was a series of Chinese cyber-espionage att
Primitive Bear | Unspecified | 1 | Primitive Bear, also known as Gamaredon, UAC-0010, and Shuckworm, is a threat actor associated with Russia that has been actively targeting Ukraine for over a decade. This group has primarily focused on organizations within government, defense, and critical infrastructure sectors. Since our update i
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Stately Taurus Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
DARKReading | a month ago | Chinese Threat Clusters Triple-Team High-Profile Asian Government Org
BankInfoSecurity | 2 months ago | Active Chinese Cyberespionage Campaign Rifling Email Servers
Unit42 | 2 months ago | Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia
InfoSecurity-magazine | 4 months ago | Chinese Hackers Target ASEAN Entities in Espionage Campaign
Unit42 | 4 months ago | ASEAN Entities in the Spotlight: Chinese APT Group Targeting
CERT-EU | 4 months ago | 'The Weirdest Trend in Cybersecurity': Nation-States Returning to USBs | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
DARKReading | 4 months ago | 'The Weirdest Trend in Cybersecurity': Nation-States Returning to USBs
CERT-EU | 5 months ago | Sophisticated PlugX backdoor variant leveraged in Mustang Panda attacks
CERT-EU | 6 months ago | Philippines turns to hackers for help as US warns of China cyberthreat
CERT-EU | 6 months ago | Philippines Turn to Hackers For Cybersecurity Help as Tensions With China Rise | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | 6 months ago | As China cyber threat grows, Philippines’ understaffed security team turns to hackers for help | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
DARKReading | 8 months ago | Amid Military Buildup, China Deploys Mustang Panda in the Philippines
BankInfoSecurity | 8 months ago | Breach Roundup: Filipinos Under Fire From 'Mustang Panda'
CERT-EU | 8 months ago | Stately Taurus targets the Philippines as tensions flare in the South Pacific - Cyber Security Review
Unit42 | 8 months ago | Stately Taurus Targets the Philippines As Tensions Flare in the South Pacific
CERT-EU | 10 months ago | New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
Unit42 | 10 months ago | Persistent Attempts at Cyberespionage Against Southeast Asian Government Target Have Links to Alloy Taurus
Unit42 | 10 months ago | Cyberespionage Attacks Against Southeast Asian Government Linked to Stately Taurus, Aka Mustang Panda
Unit42 | 10 months ago | Unit 42 Researchers Discover Multiple Espionage Operations Targeting Southeast Asian Government