SYMBOLCOMMON_NAMEaka. SYNONYMS

TEMPER PANDA  (Back to overview)

aka: Admin338, Team338, MAGNESIUM, admin@338, G0018

China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in financial, economic, and trade policy, typically using publicly available RATs such as PoisonIvy, as well as some non-public backdoors. This threat actor targets prodemocratic activists and organizations in Hong Kong, European and international financial institutions, and a U.S.-based think tank.

Associated Families

There are currently no families associated with this actor.

References
2019MITREMITRE ATT&CK
@online{attck:2019:admin338:c8e4d93, author = {MITRE ATT&CK}, title = {{Group description: admin@338}}, date = {2019}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0018/}, language = {English}, urldate = {2019-12-20} } Group description: admin@338
TEMPER PANDA
2019Council on Foreign RelationsCyber Operations Tracker
@online{tracker:2019:admin338:bffdfdd, author = {Cyber Operations Tracker}, title = {{admin@338}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/admin338}, language = {English}, urldate = {2019-12-20} } admin@338
TEMPER PANDA
2015-12-01FireEyeFireEye Threat Intelligence
@online{intelligence:20151201:chinabased:8836a81, author = {FireEye Threat Intelligence}, title = {{China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets}}, date = {2015-12-01}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html}, language = {English}, urldate = {2019-12-20} } China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets
BUBBLEWRAP LOWBALL TEMPER PANDA
2013-10-31FireEyeThoufique Haq, Ned Moran
@online{haq:20131031:know:e772ee9, author = {Thoufique Haq and Ned Moran}, title = {{Know Your Enemy: Tracking A Rapidly Evolving APT Actor}}, date = {2013-10-31}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html}, language = {English}, urldate = {2019-12-20} } Know Your Enemy: Tracking A Rapidly Evolving APT Actor
Bozok Poison Ivy TEMPER PANDA
Credits: MISP Project