🇨🇳
GhostEmperor
APT Group
Information theft and espionage
16 zero-day CVEs
ETDA ✓
Also Known As 5 names
FamousSparrow
OPERATOR PANDA
RedMike
Salt Typhoon
UNC2286
Target Countries 36
Afghanistan
Argentina
Austria
Bangladesh
Belgium
Burkina Faso
Brazil
Canada
China
Germany
Egypt
Ethiopia
France
United Kingdom
Guatemala
Indonesia
Israel
India
Islamic Republic of Iran
Liberia
Lithuania
Mexico
Malaysia
Nigeria
Netherlands
Philippines
Pakistan
Saudi Arabia
Singapore
Swaziland
Thailand
Taiwan, Province of China
United States
Uruguay
Vietnam
South Africa
Sectors Targeted
NGOs
Food Manufacturing (NAICS 311)
Offices of Lawyers (NAICS 541110)
Engineering
Educational Services (NAICS 61)
National Security and International Affairs (NAICS 9281)
Personal Care Services (NAICS 8121)
Chemical Manufacturing (NAICS 325)
Legal Services (NAICS 5411)
Telecommunications (NAICS 517)
Pharmaceutical and Medicine Manufacturing (NAICS 32541)
Periodical Publishers (NAICS 51112)
Accommodation (NAICS 721)
Grantmaking and Giving Services (NAICS 8132)
Law firms
Investigation, Guard, and Armored Car Services (NAICS 56161)
Management Consulting Services (NAICS 54161)
Hospitals (NAICS 622)
Construction (NAICS 23)
Electronic Shopping and Mail-Order Houses (NAICS 4541)
Religious, Grantmaking, Civic, Professional, and Similar Organizations (NAICS 813)
Space Research and Technology (NAICS 927)
Business, Professional, Labor, Political, and Similar Organizations (NAICS 8139)
Transportation
Hospitality
Other Personal Services (NAICS 8129)
Information (NAICS 51)
Computer Systems Design Services (NAICS 541512)
Utilities (NAICS 22)
NAICS:48 (NAICS 48)
Outpatient Care Centers (NAICS 6214)
Chemical
Semiconductor and Other Electronic Component Manufacturing (NAICS 33441)
Health Care and Social Assistance (NAICS 62)
Education
Business Schools and Computer and Management Training (NAICS 6114)
Government
Public Administration (NAICS 92)
National Security and International Affairs (NAICS 928110)
Professional, Scientific, and Technical Services (NAICS 54)
Executive, Legislative, and Other General Government Support (NAICS 9211)
Internet Publishing and Broadcasting and Web Search Portals (NAICS 51913)
Technology
Management, Scientific, and Technical Consulting Services (NAICS 5416)
Computer Systems Design and Related Services (NAICS 54151)
Employment Placement Agencies and Executive Search Services (NAICS 56131)
Oil and Gas Extraction (NAICS 211)
Details
Origin
🇨🇳 CN
Last Updated
01 Sep 2025
Malware Families 1
dracu_loader
MITRE ATT&CK 132
T1003 - OS Credential Dumping
T1005 - Data from Local System
T1007 - System Service Discovery
T1010 - Application Window Discovery
T1012 - Query Registry
T1014 - Rootkit
T1016 - System Network Configuration Discovery
T1021 - Remote Services
T1021.002 - SMB/Windows Admin Shares
T1021.004 - SSH
T1027 - Obfuscated Files or Information
T1036 - Masquerading
T1036.005 - Match Legitimate Name or Location
T1039 - Data from Network Shared Drive
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1046 - Network Service Scanning
T1047 - Windows Management Instrumentation
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1055 - Process Injection
T1055.001 - Dynamic-link Library Injection
T1056 - Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.002 - AppleScript
T1059.003 - Windows Command Shell
T1059.004 - Unix Shell
T1059.007 - JavaScript
T1068 - Exploitation for Privilege Escalation
T1070 - Indicator Removal on Host
T1070.002 - Clear Linux or Mac System Logs
T1070.004 - File Deletion
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1071.002 - File Transfer Protocols
T1071.004 - DNS
T1078 - Valid Accounts
T1078.002 - Domain Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1090 - Proxy
T1095 - Non-Application Layer Protocol
T1098 - Account Manipulation
T1098.004 - SSH Authorized Keys
T1102 - Web Service
T1102.002 - Bidirectional Communication
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110 - Brute Force
T1110.002 - Password Cracking
T1112 - Modify Registry
T1129 - Shared Modules
T1132 - Data Encoding
T1132.001 - Standard Encoding
T1133 - External Remote Services
T1134 - Access Token Manipulation
T1136 - Create Account
T1140 - Deobfuscate/Decode Files or Information
T1190 - Exploit Public-Facing Application
T1197 - BITS Jobs
T1199 - Trusted Relationship
T1203 - Exploitation for Client Execution
T1204.002 - Malicious File
T1218 - Signed Binary Proxy Execution
T1222.002 - Linux and Mac File and Directory Permissions Modification
T1495 - Firmware Corruption
T1497 - Virtualization/Sandbox Evasion
T1505.003 - Web Shell
T1530 - Data from Cloud Storage Object
T1531 - Account Access Removal
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1553 - Subvert Trust Controls
T1553.002 - Code Signing
T1553.006 - Code Signing Policy Modification
T1556 - Modify Authentication Process
T1557 - Man-in-the-Middle
T1560 - Archive Collected Data
T1562 - Impair Defenses
T1562.001 - Disable or Modify Tools
T1562.004 - Disable or Modify System Firewall
T1564 - Hide Artifacts
T1566 - Phishing
T1567.002 - Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1569 - System Services
T1570 - Lateral Tool Transfer
T1571 - Non-Standard Port
T1572 - Protocol Tunneling
T1573.001 - Symmetric Cryptography
T1573.002 - Asymmetric Cryptography
T1574 - Hijack Execution Flow
T1574.001 - DLL Search Order Hijacking
T1574.002 - DLL Side-Loading
T1578 - Modify Cloud Compute Infrastructure
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1583.004 - Server
T1584 - Compromise Infrastructure
T1587 - Develop Capabilities
T1587.001 - Malware
T1588 - Obtain Capabilities
T1588.001 - Malware
T1588.002 - Tool
T1588.005 - Exploits
T1589.002 - Email Addresses
T1590 - Gather Victim Network Information
T1590.001 - Domain Properties
T1590.004 - Network Topology
T1595 - Active Scanning
T1599 - Network Boundary Bridging
T1601.002 - Downgrade System Image
T1602 - Data from Configuration Repository
T1602.002 - Network Device Configuration Dump
T1608.001 - Upload Malware
T1608.002 - Upload Tool
T1609 - Container Administration Command
T1610 - Deploy Container
T1685
T1685.006
T1686