SYMBOLCOMMON_NAMEaka. SYNONYMS

APT18  (Back to overview)

aka: DYNAMITE PANDA, TG-0416, SCANDIUM, PLA Navy, Wekby, G0026

Wekby was described by Palo Alto Networks in a 2015 report as: 'Wekby is a group that has been active for a number of years, targeting various industries such as healthcare, telecommunications, aerospace, defense, and high tech. The group is known to leverage recently released exploits very shortly after those exploits are available, such as in the case of HackingTeams Flash zero - day exploit.'


Associated Families
win.httpbrowser win.roseam

References
2022-08-04MandiantMandiant
@online{mandiant:20220804:advanced:afb8956, author = {Mandiant}, title = {{Advanced Persistent Threats (APTs)}}, date = {2022-08-04}, organization = {Mandiant}, url = {https://www.mandiant.com/resources/insights/apt-groups}, language = {English}, urldate = {2022-08-30} } Advanced Persistent Threats (APTs)
APT1 APT10 APT12 APT14 APT15 APT16 APT17 APT18 APT19 APT2 APT20 APT21 APT22 APT23 APT24 APT27 APT3 APT30 APT31 APT4 APT40 APT5 APT9 Naikon
2020SecureworksSecureWorks
@online{secureworks:2020:bronze:4db27ec, author = {SecureWorks}, title = {{BRONZE UNION}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/bronze-union}, language = {English}, urldate = {2020-05-23} } BRONZE UNION
9002 RAT CHINACHOPPER Enfal Ghost RAT HttpBrowser HyperBro owaauth PlugX Poison Ivy ZXShell APT27
2019Council on Foreign RelationsCyber Operations Tracker
@online{tracker:2019:18:82e1079, author = {Cyber Operations Tracker}, title = {{APT 18}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/apt-18}, language = {English}, urldate = {2019-12-20} } APT 18
APT18
2018-05-18NCC GroupNikolaos Pantazopoulos, Thomas Henry
@online{pantazopoulos:20180518:emissary:ed9583a, author = {Nikolaos Pantazopoulos and Thomas Henry}, title = {{Emissary Panda – A potential new malicious tool}}, date = {2018-05-18}, organization = {NCC Group}, url = {https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/may/emissary-panda-a-potential-new-malicious-tool/}, language = {English}, urldate = {2021-03-22} } Emissary Panda – A potential new malicious tool
HttpBrowser
2017-05-31MITREMITRE
@online{mitre:20170531:apt18:deb24dc, author = {MITRE}, title = {{APT18}}, date = {2017-05-31}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0026}, language = {English}, urldate = {2022-07-05} } APT18
Ghost RAT HttpBrowser APT18
2016-10-17ThreatConnectThreatConnect
@online{threatconnect:20161017:tale:b318dae, author = {ThreatConnect}, title = {{A Tale of Two Targets}}, date = {2016-10-17}, organization = {ThreatConnect}, url = {https://www.threatconnect.com/blog/threatconnect-discovers-chinese-apt-activity-in-europe/}, language = {English}, urldate = {2019-12-02} } A Tale of Two Targets
HttpBrowser APT27
2016-05-24Palo Alto Networks Unit 42Josh Grunzweig, Mike Scott, Bryan Lee
@online{grunzweig:20160524:new:d1cd669, author = {Josh Grunzweig and Mike Scott and Bryan Lee}, title = {{New Wekby Attacks Use DNS Requests As Command and Control Mechanism}}, date = {2016-05-24}, organization = {Palo Alto Networks Unit 42}, url = {http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/}, language = {English}, urldate = {2019-12-20} } New Wekby Attacks Use DNS Requests As Command and Control Mechanism
Roseam
2015-02-27ThreatConnectThreatConnect Research Team
@online{team:20150227:anthem:ac7d814, author = {ThreatConnect Research Team}, title = {{The Anthem Hack: All Roads Lead to China}}, date = {2015-02-27}, organization = {ThreatConnect}, url = {https://threatconnect.com/blog/the-anthem-hack-all-roads-lead-to-china/}, language = {English}, urldate = {2020-04-06} } The Anthem Hack: All Roads Lead to China
HttpBrowser
2015-02-06CrowdStrikeCrowdStrike
@techreport{crowdstrike:20150206:crowdstrike:fbcc37f, author = {CrowdStrike}, title = {{CrowdStrike Global Threat Intel Report 2014}}, date = {2015-02-06}, institution = {CrowdStrike}, url = {https://web.archive.org/web/20200509171721/https://raw.githubusercontent.com/fdiskyou/threat-INTel/master/2015/GlobalThreatIntelReport.pdf}, language = {English}, urldate = {2020-05-11} } CrowdStrike Global Threat Intel Report 2014
BlackPOS CryptoLocker Derusbi Elise Enfal EvilGrab Gameover P2P HttpBrowser Medusa Mirage Naikon NetTraveler pirpi PlugX Poison Ivy Sakula RAT Sinowal sykipot taidoor
2014-08-19Michael Mimoso
@online{mimoso:20140819:gang:ddbcb8b, author = {Michael Mimoso}, title = {{APT Gang Branches Out to Medical Espionage in Community Health Breach}}, date = {2014-08-19}, url = {https://threatpost.com/apt-gang-branches-out-to-medical-espionage-in-community-health-breach/107828}, language = {English}, urldate = {2019-11-25} } APT Gang Branches Out to Medical Espionage in Community Health Breach
APT18

Credits: MISP Project