Wekby

aka: Dynamite Panda, TG-0416, APT 18, SCANDIUM, PLA Navy, APT18

Wekby was described by Palo Alto Networks in a 2015 report as: 'Wekby is a group that has been active for a number of years, targeting various industries such as healthcare, telecommunications, aerospace, defense, and high tech. The group is known to leverage recently released exploits very shortly after those exploits are available, such as in the case of HackingTeam's Flash zero-day exploit.'


Associated Families
win.httpbrowser win.roseam

References
2020 | Secureworks | SecureWorks
BRONZE UNION
@online{secureworks:2020:bronze:4db27ec, author = {SecureWorks}, title = {{BRONZE UNION}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/bronze-union}, language = {English}, urldate = {2020-05-23} }
9002 RAT CHINACHOPPER Enfal Ghost RAT HttpBrowser HyperBro owaauth PlugX Poison Ivy ZXShell LuckyMouse
2019 | Council on Foreign Relations | Cyber Operations Tracker
APT 18
@online{tracker:2019:18:82e1079, author = {Cyber Operations Tracker}, title = {{APT 18}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/apt-18}, language = {English}, urldate = {2019-12-20} }
Wekby
2018-05-18 | NCC Group | Nikolaos Pantazopoulos, Thomas Henry
Emissary Panda – A potential new malicious tool
@online{pantazopoulos:20180518:emissary:ed9583a, author = {Nikolaos Pantazopoulos and Thomas Henry}, title = {{Emissary Panda – A potential new malicious tool}}, date = {2018-05-18}, organization = {NCC Group}, url = {https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/may/emissary-panda-a-potential-new-malicious-tool/}, language = {English}, urldate = {2020-01-10} }
HttpBrowser
2016-10-17 | ThreatConnect | ThreatConnect
A Tale of Two Targets
@online{threatconnect:20161017:tale:b318dae, author = {ThreatConnect}, title = {{A Tale of Two Targets}}, date = {2016-10-17}, organization = {ThreatConnect}, url = {https://www.threatconnect.com/blog/threatconnect-discovers-chinese-apt-activity-in-europe/}, language = {English}, urldate = {2019-12-02} }
HttpBrowser LuckyMouse
2016-05-24 | Palo Alto Networks Unit 42 | Josh Grunzweig, Mike Scott, Bryan Lee
New Wekby Attacks Use DNS Requests As Command and Control Mechanism
@online{grunzweig:20160524:new:d1cd669, author = {Josh Grunzweig and Mike Scott and Bryan Lee}, title = {{New Wekby Attacks Use DNS Requests As Command and Control Mechanism}}, date = {2016-05-24}, organization = {Palo Alto Networks Unit 42}, url = {http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/}, language = {English}, urldate = {2019-12-20} }
Roseam
2015-02-27 | ThreatConnect | ThreatConnect Research Team
The Anthem Hack: All Roads Lead to China
@online{team:20150227:anthem:ac7d814, author = {ThreatConnect Research Team}, title = {{The Anthem Hack: All Roads Lead to China}}, date = {2015-02-27}, organization = {ThreatConnect}, url = {https://threatconnect.com/blog/the-anthem-hack-all-roads-lead-to-china/}, language = {English}, urldate = {2020-04-06} }
HttpBrowser
2015-02-06 | CrowdStrike | CrowdStrike
CrowdStrike Global Threat Intel Report 2014
@techreport{crowdstrike:20150206:crowdstrike:fbcc37f, author = {CrowdStrike}, title = {{CrowdStrike Global Threat Intel Report 2014}}, date = {2015-02-06}, institution = {CrowdStrike}, url = {https://web.archive.org/web/20200509171721/https://raw.githubusercontent.com/fdiskyou/threat-INTel/master/2015/GlobalThreatIntelReport.pdf}, language = {English}, urldate = {2020-05-11} }
BlackPOS CryptoLocker Derusbi Elise Enfal EvilGrab Gameover P2P HttpBrowser Medusa Mirage Naikon NetTraveler pirpi PlugX Poison Ivy Sakula RAT Sinowal sykipot taidoor
2014-08-19 | Michael Mimoso
APT Gang Branches Out to Medical Espionage in Community Health Breach
@online{mimoso:20140819:gang:ddbcb8b, author = {Michael Mimoso}, title = {{APT Gang Branches Out to Medical Espionage in Community Health Breach}}, date = {2014-08-19}, url = {https://threatpost.com/apt-gang-branches-out-to-medical-espionage-in-community-health-breach/107828}, language = {English}, urldate = {2019-11-25} }
Wekby

Credits: MISP Project