🇨🇳
Twisted Panda
APT Group
Information theft and espionage
5 zero-day CVEs
ETDA ✓
Also Known As
No alias recorded
Target Countries 16
Argentina
Australia
Belarus
Canada
Germany
United Kingdom
India
Japan
Liberia
Nigeria
Russian Federation
Saudi Arabia
Province of China Taiwan
Ukraine
United States
Zambia
Sectors Targeted
Oil and Gas Extraction - NAICS 211
Computer Systems Design and Related Services - NAICS 54151
Educational Services - NAICS 61
Motor Vehicle Manufacturing - NAICS 3361
Public Administration - NAICS 92
Internet Publishing and Broadcasting and Web Search Portals - NAICS 51913
Defense
Pharmaceutical and Medicine Manufacturing - NAICS 32541
Civic and Social Organizations - NAICS 8134
Research and Development in the Social Sciences and Humanities - NAICS 54172
Plastics Product Manufacturing - NAICS 3261
Data Processing, Hosting, and Related Services - NAICS 51821
Publishing Industries (except Internet) - NAICS 511
Periodical Publishers - NAICS 51112
Space Research and Technology - NAICS 927
NAICS:31
Arts, Entertainment, and Recreation - NAICS 71
Newspaper Publishers - NAICS 51111
Computer Systems Design Services - NAICS 541512
Educational Support Services - NAICS 6117
Grantmaking and Giving Services - NAICS 8132
National Security and International Affairs - NAICS 928110
Automobile Dealers - NAICS 4411
Other Amusement and Recreation Industries - NAICS 7139
Religious, Grantmaking, Civic, Professional, and Similar Organizations - NAICS 813
Legal Services - NAICS 5411
Utilities - NAICS 22
Hospitals - NAICS 622
Chemical Manufacturing - NAICS 325
Religious Organizations - NAICS 8131
Finance and Insurance - NAICS 52
Performing Arts Companies - NAICS 7111
Offices of Lawyers - NAICS 541110
Telecommunications - NAICS 517
Health Care and Social Assistance - NAICS 62
Promoters of Performing Arts, Sports, and Similar Events - NAICS 7113
Details
Origin
🇨🇳 CN
Last Updated
13 Apr 2026
Malware Families 11
ccleaner_backdoor
dilljuice
hui_loader
sorgu
unidentified_075
zhmimikatz
win.shadow_rat
anel
NewCore
darkstrat
win.sadbridge
MITRE ATT&CK 178
T1001
T1001.003
T1003
T1003.001
T1003.002
T1003.003
T1003.004
T1003.006
T1005 - Data from Local System
T1012 - Query Registry
T1014 - Rootkit
T1016 - System Network Configuration Discovery
T1018
T1021
T1021.001 - Remote Desktop Protocol
T1021.002 - SMB/Windows Admin Shares
T1021.004
T1021.006 - Windows Remote Management
T1027 - Obfuscated Files or Information
T1027.007
T1027.012
T1027.013
T1027.016
T1030
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.003 - Rename System Utilities
T1036.004
T1036.005
T1036.007
T1036.008
T1037 - Boot or Logon Initialization Scripts
T1039
T1041
T1046
T1047
T1048
T1048.003
T1049 - System Network Connections Discovery
T1052
T1052.001
T1053
T1053.005
T1055 - Process Injection
T1055.012
T1056 - Input Capture
T1056.001 - Keylogging
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.005
T1059.007
T1068 - Exploitation for Privilege Escalation
T1069
T1069.002
T1070 - Indicator Removal on Host
T1070.003
T1070.004
T1070.006
T1071
T1071.001 - Web Protocols
T1072
T1074
T1074.001
T1074.002
T1078 - Valid Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087
T1087.002
T1090
T1090.002
T1090.003 - Multi-hop Proxy
T1091
T1095
T1102
T1102.002 - Bidirectional Communication
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110 - Brute Force
T1112
T1113 - Screen Capture
T1115 - Clipboard Data
T1119
T1124 - System Time Discovery
T1127 - Trusted Developer Utilities Proxy Execution
T1127.001 - MSBuild
T1129
T1134 - Access Token Manipulation
T1140 - Deobfuscate/Decode Files or Information
T1176 - Browser Extensions
T1176.002
T1189 - Drive-by Compromise
T1190
T1193
T1199
T1203
T1204 - User Execution
T1204.001
T1204.002 - Malicious File
T1205
T1210
T1218 - Signed Binary Proxy Execution
T1218.004
T1218.005 - Mshta
T1218.007
T1218.014
T1219
T1219.001
T1219.002
T1480
T1489 - Service Stop
T1490 - Inhibit System Recovery
T1497 - Virtualization/Sandbox Evasion
T1505 - Server Software Component
T1505.003
T1518 - Software Discovery
T1528 - Steal Application Access Token
T1530 - Data from Cloud Storage Object
T1539
T1543 - Create or Modify System Process
T1546
T1546.003
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1553 - Subvert Trust Controls
T1553.002 - Code Signing
T1555 - Credentials from Password Stores
T1557
T1557.002
T1560 - Archive Collected Data
T1560.001
T1560.003
T1562 - Impair Defenses
T1564
T1564.001
T1566 - Phishing
T1566.001
T1566.002
T1567
T1567.002
T1568
T1568.001
T1569 - System Services
T1571 - Non-Standard Port
T1572
T1573 - Encrypted Channel
T1573.001
T1573.002 - Asymmetric Cryptography
T1574 - Hijack Execution Flow
T1574.001
T1574.002 - DLL Side-Loading
T1574.005
T1583
T1583.001
T1583.006
T1585
T1585.002
T1586
T1586.002
T1587
T1587.001
T1588
T1588.001
T1588.002
T1588.003
T1588.004
T1593
T1598
T1598.003
T1608
T1608.001
T1608.004
T1608.005
T1622
T1654
T1678