SYMBOLCOMMON_NAMEaka. SYNONYMS

Vicious Panda  (Back to overview)

aka: SixLittleMonkeys

Check Point Research discovered a new campaign against the Mongolian public sector, which takes advantage of the current Coronavirus scare, in order to deliver a previously unknown malware implant to the target. A closer look at this campaign allowed us to tie it to other operations which were carried out by the same anonymous group, dating back to at least 2016. Over the years, these operations targeted different sectors in multiple countries, such as Ukraine, Russia, and Belarus.

Associated Families

There are currently no families associated with this actor.

References
2021-10-26Kaspersky LabsGReAT
@online{great:20211026:trends:99fd183, author = {GReAT}, title = {{APT trends report Q3 2021}}, date = {2021-10-26}, organization = {Kaspersky Labs}, url = {https://securelist.com/apt-trends-report-q3-2021/104708}, language = {English}, urldate = {2022-08-26} } APT trends report Q3 2021
Vicious Panda
2021-03-10ESET ResearchThomas Dupuy, Matthieu Faou, Mathieu Tartare
@online{dupuy:20210310:exchange:8f65a1f, author = {Thomas Dupuy and Matthieu Faou and Mathieu Tartare}, title = {{Exchange servers under siege from at least 10 APT groups}}, date = {2021-03-10}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/}, language = {English}, urldate = {2021-03-11} } Exchange servers under siege from at least 10 APT groups
Microcin MimiKatz PlugX Winnti APT27 APT41 Calypso Tick ToddyCat Tonto Team Vicious Panda
2020-09-03Kaspersky LabsDavid Emm
@online{emm:20200903:it:99f6d5f, author = {David Emm}, title = {{IT threat evolution Q2 2020}}, date = {2020-09-03}, organization = {Kaspersky Labs}, url = {https://securelist.com/it-threat-evolution-q2-2020/98230}, language = {English}, urldate = {2022-08-28} } IT threat evolution Q2 2020
PhantomLance Aria-body COMpfun Vicious Panda
2020-07-29Kaspersky LabsGReAT
@online{great:20200729:trends:aa08607, author = {GReAT}, title = {{APT trends report Q2 2020}}, date = {2020-07-29}, organization = {Kaspersky Labs}, url = {https://securelist.com/apt-trends-report-q2-2020/97937}, language = {English}, urldate = {2022-09-06} } APT trends report Q2 2020
Vicious Panda
2020-06-19Kaspersky LabsDenis Legezo
@online{legezo:20200619:microcin:c832dc1, author = {Denis Legezo}, title = {{Microcin is here}}, date = {2020-06-19}, organization = {Kaspersky Labs}, url = {https://securelist.com/microcin-is-here/97353}, language = {English}, urldate = {2022-07-25} } Microcin is here
Microcin Vicious Panda
2020-05-14Avast DecodedLuigino Camastra
@online{camastra:20200514:planted:7b94cc6, author = {Luigino Camastra}, title = {{APT Group Planted Backdoors Targeting High Profile Networks in Central Asia}}, date = {2020-05-14}, organization = {Avast Decoded}, url = {https://decoded.avast.io/luigicamastra/apt-group-planted-backdoors-targeting-high-profile-networks-in-central-asia}, language = {English}, urldate = {2022-07-25} } APT Group Planted Backdoors Targeting High Profile Networks in Central Asia
BYEBY Ghost RAT Microcin MimiKatz Vicious Panda
2020-05-14ESET ResearchPeter Kálnai
@online{klnai:20200514:mikroceen:3e541ad, author = {Peter Kálnai}, title = {{Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia}}, date = {2020-05-14}, organization = {ESET Research}, url = {https://www.welivesecurity.com/2020/05/14/mikroceen-spying-backdoor-high-profile-networks-central-asia}, language = {English}, urldate = {2022-07-25} } Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia
Microcin Vicious Panda
2020-03-12Check Point ResearchCheck Point
@online{point:20200312:vicious:1d97e93, author = {Check Point}, title = {{Vicious Panda: The COVID Campaign}}, date = {2020-03-12}, organization = {Check Point Research}, url = {https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign}, language = {English}, urldate = {2022-07-25} } Vicious Panda: The COVID Campaign
8.t Dropper Vicious Panda
2019-08-01Kaspersky LabsGReAT
@online{great:20190801:trends:2aa8746, author = {GReAT}, title = {{APT trends report Q2 2019}}, date = {2019-08-01}, organization = {Kaspersky Labs}, url = {https://securelist.com/apt-trends-report-q2-2019/91897}, language = {English}, urldate = {2022-08-26} } APT trends report Q2 2019
Vicious Panda
2017-11-25Kaspersky LabsVasily Berdnikov, Dmitry Karasovsky, Alexey Shulmin
@techreport{berdnikov:20171125:microcin:69e0ae0, author = {Vasily Berdnikov and Dmitry Karasovsky and Alexey Shulmin}, title = {{MICROCIN MALWARE: TECHNICAL DETAILS AND INDICATORS OF COMPROMISE}}, date = {2017-11-25}, institution = {Kaspersky Labs}, url = {https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07170759/Microcin_Technical_4PDF_eng_final_s.pdf}, language = {English}, urldate = {2020-04-06} } MICROCIN MALWARE: TECHNICAL DETAILS AND INDICATORS OF COMPROMISE
Microcin Vicious Panda
2017-09-28Palo Alto Networks Unit 42Josh Grunzweig, Robert Falcone
@online{grunzweig:20170928:threat:8a5db81, author = {Josh Grunzweig and Robert Falcone}, title = {{Threat Actors Target Government of Belarus Using CMSTAR Trojan}}, date = {2017-09-28}, organization = {Palo Alto Networks Unit 42}, url = {https://unit42.paloaltonetworks.com/unit42-threat-actors-target-government-belarus-using-cmstar-trojan}, language = {English}, urldate = {2022-07-25} } Threat Actors Target Government of Belarus Using CMSTAR Trojan
BYEBY CMSTAR Vicious Panda
2017-09-25Kaspersky LabsVasily Berdnikov, Dmitry Karasovsky, Alexey Shulmin
@online{berdnikov:20170925:simple:fced582, author = {Vasily Berdnikov and Dmitry Karasovsky and Alexey Shulmin}, title = {{A simple example of a complex cyberattack}}, date = {2017-09-25}, organization = {Kaspersky Labs}, url = {https://securelist.com/a-simple-example-of-a-complex-cyberattack/82636}, language = {English}, urldate = {2022-08-26} } A simple example of a complex cyberattack
Microcin Vicious Panda
Credits: MISP Project