SYMBOLCOMMON_NAMEaka. SYNONYMS

APT18  (Back to overview)

aka: DYNAMITE PANDA, G0026, PLA Navy, SCANDIUM, TG-0416, Wekby

Wekby was described by Palo Alto Networks in a 2015 report as: 'Wekby is a group that has been active for a number of years, targeting various industries such as healthcare, telecommunications, aerospace, defense, and high tech. The group is known to leverage recently released exploits very shortly after those exploits are available, such as in the case of HackingTeams Flash zero - day exploit.'


Associated Families
win.httpbrowser win.roseam

References
2022-08-08BrandefenseBrandefense
Dynamite Panda APT Group
Roseam
2022-08-04MandiantMandiant
Advanced Persistent Threats (APTs)
APT1 APT10 APT12 APT14 APT15 APT16 APT17 APT18 APT19 APT2 APT20 APT21 APT22 APT23 APT24 APT27 APT3 APT30 APT31 APT4 APT40 APT5 APT9 Naikon
2020-01-01SecureworksSecureWorks
BRONZE UNION
9002 RAT CHINACHOPPER Enfal Ghost RAT HttpBrowser HyperBro owaauth PlugX Poison Ivy ZXShell APT27
2019-01-01Council on Foreign RelationsCyber Operations Tracker
APT 18
APT18
2018-05-18NCC GroupNikolaos Pantazopoulos, Thomas Henry
Emissary Panda – A potential new malicious tool
HttpBrowser
2017-05-31MITREMITRE
APT18
Ghost RAT HttpBrowser APT18
2016-10-17ThreatConnectThreatConnect
A Tale of Two Targets
HttpBrowser APT27
2016-05-24Palo Alto Networks Unit 42Bryan Lee, Josh Grunzweig, Mike Scott
New Wekby Attacks Use DNS Requests As Command and Control Mechanism
Roseam
2015-02-27ThreatConnectThreatConnect Research Team
The Anthem Hack: All Roads Lead to China
HttpBrowser
2015-02-06CrowdStrikeCrowdStrike
CrowdStrike Global Threat Intel Report 2014
BlackPOS CryptoLocker Derusbi Elise Enfal EvilGrab Gameover P2P HttpBrowser Medusa Mirage Naikon NetTraveler pirpi PlugX Poison Ivy Sakula RAT Sinowal sykipot taidoor
2014-08-19Michael Mimoso
APT Gang Branches Out to Medical Espionage in Community Health Breach
APT18

Credits: MISP Project