Mustang Panda

APT Group
Information theft and espionage
18 zero-day CVEs
ETDA

Also Known As 12 names

BASIN
BRONZE PRESIDENT
Earth Preta
HoneyMyte
LuminousMoth
Polaris
Red Lich
Stately Taurus
TA416
TANTALUM
TEMP.HEX
Twill Typhoon

Target Countries 41

Argentina
Australia
Bangladesh
Belgium
Bulgaria
China
Cyprus
Czech Republic
Germany
Ethiopia
France
United Kingdom
Greece
Hong Kong
Hungary
Indonesia
India
Japan
Cambodia
Republic of Korea
Liberia
Myanmar
Mongolia
Malaysia
Nigeria
Nepal
Philippines
Pakistan
Russian Federation
Saudi Arabia
Sweden
Singapore
Slovakia
South Sudan
Thailand
Taiwan, Province of China
Ukraine
United States
Holy See (Vatican City State)
Vietnam
South Africa

Details

Origin 🇨🇳 CN
Last Updated 11 Sep 2025

Malware Families 8

ccleaner_backdoor
sorgu
unidentified_075
zhmimikatz
win.shadow_rat
NewCore
darkstrat
win.sadbridge

MITRE ATT&CK 171

T1001 - Data Obfuscation
T1001.003 - Protocol Impersonation
T1003
T1003.001
T1003.003
T1003.006
T1005 - Data from Local System
T1012 - Query Registry
T1014 - Rootkit
T1016 - System Network Configuration Discovery
T1018
T1021 - Remote Services
T1021.001 - Remote Desktop Protocol
T1021.002 - SMB/Windows Admin Shares
T1021.006 - Windows Remote Management
T1027 - Obfuscated Files or Information
T1027.007
T1027.012
T1027.013
T1027.016
T1030
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.003 - Rename System Utilities
T1036.004
T1036.005 - Match Legitimate Name or Location
T1036.007
T1036.008
T1037 - Boot or Logon Initialization Scripts
T1041 - Exfiltration Over C2 Channel
T1046 - Network Service Scanning
T1047
T1048
T1048.003 - Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1049 - System Network Connections Discovery
T1052
T1052.001
T1053
T1053.005 - Scheduled Task
T1055 - Process Injection
T1056 - Input Capture
T1056.001 - Keylogging
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.005
T1059.007
T1068 - Exploitation for Privilege Escalation
T1069
T1069.002
T1070 - Indicator Removal on Host
T1070.004
T1070.006
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1072
T1074
T1074.001
T1078 - Valid Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087
T1087.002
T1090 - Proxy
T1090.003 - Multi-hop Proxy
T1091 - Replication Through Removable Media
T1095 - Non-Application Layer Protocol
T1102 - Web Service
T1102.002 - Bidirectional Communication
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110 - Brute Force
T1112
T1113 - Screen Capture
T1115 - Clipboard Data
T1119
T1124 - System Time Discovery
T1127 - Trusted Developer Utilities Proxy Execution
T1127.001 - MSBuild
T1129 - Shared Modules
T1132 - Data Encoding
T1132.001 - Standard Encoding
T1134 - Access Token Manipulation
T1140 - Deobfuscate/Decode Files or Information
T1176 - Browser Extensions
T1176.002
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1195 - Supply Chain Compromise
T1203
T1204 - User Execution
T1204.001
T1204.002 - Malicious File
T1205
T1218 - Signed Binary Proxy Execution
T1218.004
T1218.005 - Mshta
T1218.007
T1218.014
T1219
T1219.001
T1219.002
T1480
T1489 - Service Stop
T1490 - Inhibit System Recovery
T1497 - Virtualization/Sandbox Evasion
T1497.001 - System Checks
T1505 - Server Software Component
T1505.003
T1518 - Software Discovery
T1528 - Steal Application Access Token
T1530 - Data from Cloud Storage Object
T1539
T1543 - Create or Modify System Process
T1546
T1546.003
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1553 - Subvert Trust Controls
T1553.002 - Code Signing
T1555 - Credentials from Password Stores
T1557
T1557.002
T1560 - Archive Collected Data
T1560.001
T1560.003
T1562 - Impair Defenses
T1562.001 - Disable or Modify Tools
T1564
T1564.001
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1566.002 - Spearphishing Link
T1567
T1567.002
T1569 - System Services
T1571 - Non-Standard Port
T1572
T1573 - Encrypted Channel
T1573.001 - Symmetric Cryptography
T1573.002 - Asymmetric Cryptography
T1574 - Hijack Execution Flow
T1574.001 - DLL Search Order Hijacking
T1574.002 - DLL Side-Loading
T1574.005
T1583 - Acquire Infrastructure
T1583.001
T1583.006
T1585
T1585.002
T1586
T1586.002
T1587 - Develop Capabilities
T1587.001 - Malware
T1588
T1588.001
T1588.002
T1588.003
T1588.004
T1590 - Gather Victim Network Information
T1593
T1598
T1598.003
T1608 - Stage Capabilities
T1608.001 - Upload Malware
T1608.004
T1608.005
T1622
T1654
T1678