SYMBOLCOMMON_NAMEaka. SYNONYMS

Thrip  (Back to overview)

aka: LOTUS PANDA

This threat actor targets organizations in the satellite communications, telecommunications, geospatial-imaging, and defense sectors in the United States and Southeast Asia for espionage purposes.


Associated Families
win.spedear win.catchamas win.wmighost win.rikamanu

References
2020-03-04CrowdStrikeCrowdStrike
@techreport{crowdstrike:20200304:2020:818c85f, author = {CrowdStrike}, title = {{2020 CrowdStrike Global Threat Report}}, date = {2020-03-04}, institution = {CrowdStrike}, url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf}, language = {English}, urldate = {2020-07-24} } 2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Ransomware Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vidar Winnti ANTHROPOID SPIDER Anunak APT31 APT39 BlackTech BuhTrap Charming Kitten CLOCKWORD SPIDER DOPPEL SPIDER Gamaredon Group Leviathan MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER Pinchy Spider Pirate Panda Salty Spider SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER
2019MITREMITRE ATT&CK
@online{attck:2019:thrip:b7cf7c3, author = {MITRE ATT&CK}, title = {{Group description: Thrip}}, date = {2019}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0076/}, language = {English}, urldate = {2019-12-20} } Group description: Thrip
Thrip
2019Council on Foreign RelationsCyber Operations Tracker
@online{tracker:2019:thrip:9a9e550, author = {Cyber Operations Tracker}, title = {{Thrip}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/thrip}, language = {English}, urldate = {2019-12-20} } Thrip
Thrip
2018-06-19SymantecSecurity Response Attack Investigation Team
@online{team:20180619:thrip:4662184, author = {Security Response Attack Investigation Team}, title = {{Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies}}, date = {2018-06-19}, organization = {Symantec}, url = {https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets}, language = {English}, urldate = {2020-01-09} } Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies
Catchamas Rikamanu Spedear WMI Ghost Thrip
2017-07-17Secrary BlogLasha Khasaia
@online{khasaia:20170717:wmighost:20b59d3, author = {Lasha Khasaia}, title = {{WMIGhost / Wimmie - WMI malware}}, date = {2017-07-17}, organization = {Secrary Blog}, url = {https://secrary.com/ReversingMalware/WMIGhost/}, language = {English}, urldate = {2019-12-24} } WMIGhost / Wimmie - WMI malware
WMI Ghost

Credits: MISP Project