SYMBOLCOMMON_NAMEaka. SYNONYMS

Pirate Panda  (Back to overview)

aka: APT23, APT 23, KeyBoy

Associated Families
win.8t_dropper
References
2020-03-21MalwareLab.plMaciej Kotowicz
@online{kotowicz:20200321:royal:da8fd16, author = {Maciej Kotowicz}, title = {{On the Royal Road}}, date = {2020-03-21}, organization = {MalwareLab.pl}, url = {https://blog.malwarelab.pl/posts/on_the_royal_road/}, language = {English}, urldate = {2020-03-24} } On the Royal Road
8.t Dropper
2020-03-20Medium SebdravenSébastien Larinier
@online{larinier:20200320:new:3da1211, author = {Sébastien Larinier}, title = {{New version of chinoxy backdoor using COVID19 alerts document lure}}, date = {2020-03-20}, organization = {Medium Sebdraven}, url = {https://medium.com/@Sebdraven/new-version-of-chinoxy-backdoor-using-covid19-document-lure-83fa294c0746}, language = {English}, urldate = {2020-03-26} } New version of chinoxy backdoor using COVID19 alerts document lure
8.t Dropper Chinoxy
2020-03-12Check PointCheck Point Research
@online{research:20200312:vicious:3218bb8, author = {Check Point Research}, title = {{Vicious Panda: The COVID Campaign}}, date = {2020-03-12}, organization = {Check Point}, url = {https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign/}, language = {English}, urldate = {2020-03-13} } Vicious Panda: The COVID Campaign
8.t Dropper BYEBY Enfal Korlia Poison Ivy
2020-03-11Virus BulletinGhareeb Saad, Michael Raggi
@online{saad:20200311:attribution:3efcc0a, author = {Ghareeb Saad and Michael Raggi}, title = {{Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers}}, date = {2020-03-11}, organization = {Virus Bulletin}, url = {https://www.virusbulletin.com/virusbulletin/2020/03/vb2019-paper-attribution-object-using-rtf-object-dimensions-track-apt-phishing-weaponizers/}, language = {English}, urldate = {2020-03-13} } Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers
8.t Dropper
2020-03-04CrowdStrikeCrowdStrike
@techreport{crowdstrike:20200304:2020:818c85f, author = {CrowdStrike}, title = {{2020 CrowdStrike Global Threat Report}}, date = {2020-03-04}, institution = {CrowdStrike}, url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf}, language = {English}, urldate = {2020-03-04} } 2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze Necurs Nokki Outlook Backdoor Phobos Ransomware Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vidar Winnti ANTHROPOID SPIDER Anunak APT39 BlackTech BuhTrap Charming Kitten CLOCKWORD SPIDER DOPPEL SPIDER Gamaredon Group Judgment Panda Kryptonite Panda MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER Pinchy Spider Pirate Panda Salty Spider SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER
2019-09-22Check Point ResearchCheck Point Research
@online{research:20190922:rancor:e834f67, author = {Check Point Research}, title = {{Rancor: The Year of The Phish}}, date = {2019-09-22}, organization = {Check Point Research}, url = {https://research.checkpoint.com/2019/rancor-the-year-of-the-phish/}, language = {English}, urldate = {2020-03-04} } Rancor: The Year of The Phish
8.t Dropper Cobalt Strike
2019-07-23ProofpointMichael Raggi, Dennis Schwarz, Proofpoint Threat Insight Team
@online{raggi:20190723:chinese:804ec1c, author = {Michael Raggi and Dennis Schwarz and Proofpoint Threat Insight Team}, title = {{Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia}}, date = {2019-07-23}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/chinese-apt-operation-lagtime-it-targets-government-information-technology}, language = {English}, urldate = {2019-12-20} } Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia
8.t Dropper Cotx RAT TA428
2019-01-03m4n0w4r
@online{m4n0w4r:20190103:another:2f48120, author = {m4n0w4r}, title = {{Another malicious document with CVE-2017–11882}}, date = {2019-01-03}, url = {https://tradahacking.vn/another-malicious-document-with-cve-2017-11882-839e9c0bbf2f}, language = {Vietnamese}, urldate = {2020-03-11} } Another malicious document with CVE-2017–11882
8.t Dropper
2018-11-03m4n0w4r
@online{m4n0w4r:20181103:l:d496fbd, author = {m4n0w4r}, title = {{Là 1937CN hay OceanLotus hay Lazarus …}}, date = {2018-11-03}, url = {https://tradahacking.vn/l%C3%A0-1937cn-hay-oceanlotus-hay-lazarus-6ca15fe1b241}, language = {Vietnamese}, urldate = {2020-03-11} } Là 1937CN hay OceanLotus hay Lazarus …
8.t Dropper
2018-07-31Medium SebdravenSébastien Larinier
@online{larinier:20180731:malicious:571d2df, author = {Sébastien Larinier}, title = {{Malicious document targets Vietnamese officials}}, date = {2018-07-31}, organization = {Medium Sebdraven}, url = {https://medium.com/@Sebdraven/malicious-document-targets-vietnamese-officials-acb3b9d8b80a?}, language = {English}, urldate = {2020-03-04} } Malicious document targets Vietnamese officials
8.t Dropper
2015-06-01CrowdStrikeAdam Kozy
@online{kozy:20150601:rhetoric:365c0d1, author = {Adam Kozy}, title = {{Rhetoric Foreshadows Cyber Activity in the South China Sea}}, date = {2015-06-01}, organization = {CrowdStrike}, url = {http://www.crowdstrike.com/blog/rhetoric-foreshadows-cyber-activity-in-the-south-china-sea/}, language = {English}, urldate = {2019-12-20} } Rhetoric Foreshadows Cyber Activity in the South China Sea
Lotus Panda Pirate Panda
2013-06-07Rapid7 LabsClaudio Guarnieri, Mark Schloesser
@online{guarnieri:20130607:keyboy:58ebd77, author = {Claudio Guarnieri and Mark Schloesser}, title = {{KeyBoy, Targeted Attacks against Vietnam and India}}, date = {2013-06-07}, organization = {Rapid7 Labs}, url = {https://blog.rapid7.com/2013/06/07/keyboy-targeted-attacks-against-vietnam-and-india/}, language = {English}, urldate = {2019-12-20} } KeyBoy, Targeted Attacks against Vietnam and India
KeyBoy Pirate Panda
Credits: MISP Project