🇨🇳
Vicious Panda
APT Group
Information theft and espionage
14 zero-day CVEs
ETDA ✓
Also Known As 9 names
Vicious Panda
Panda
BRONZE DUDLEY
Colourful Panda
Bronze Dudley
TA428
ThunderCats
Temp.Hex
SixLittleMonkeys
Target Countries 4
Afghanistan
Belarus
Mongolia
Ukraine
Sectors Targeted
Military
Government
Aerospace
Defense
Airlines
industrial plants, design bureaus and research institutes
Travel
Aviation
Satellite
Details
Origin
🇨🇳 CN
Last Updated
05 Jan 2026
Malware Families 4
havex_rat
win.dragonbreath
Zeus Panda
zeus_action
MITRE ATT&CK 69 (technique names as listed on the page; T1045, T1060, T1100 and T1156 are revoked IDs, replaced in current ATT&CK by T1027.002, T1547.001, T1505.003 and T1546.004)
T1001 - Data Obfuscation
T1003 - OS Credential Dumping
T1011 - Exfiltration Over Other Network Medium
T1014 - Rootkit
T1016 - System Network Configuration Discovery
T1021 - Remote Services
T1027 - Obfuscated Files or Information
T1036 - Masquerading
T1036.003 - Rename System Utilities
T1040 - Network Sniffing
T1045 - Software Packing
T1046 - Network Service Scanning
T1048 - Exfiltration Over Alternative Protocol
T1048.001 - Exfiltration Over Symmetric Encrypted Non-C2 Protocol
T1048.003 - Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1055 - Process Injection
T1055.009 - Proc Memory
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1060 - Registry Run Keys / Startup Folder
T1068 - Exploitation for Privilege Escalation
T1069 - Permission Groups Discovery
T1069.002 - Domain Groups
T1070 - Indicator Removal on Host
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1071.004 - DNS
T1082 - System Information Discovery
T1090.003 - Multi-hop Proxy
T1100 - Web Shell
T1105 - Ingress Tool Transfer
T1112 - Modify Registry
T1113 - Screen Capture
T1119 - Automated Collection
T1127.001 - MSBuild
T1134 - Access Token Manipulation
T1140 - Deobfuscate/Decode Files or Information
T1156 - Malicious Shell Modification
T1195 - Supply Chain Compromise
T1195.001 - Compromise Software Dependencies and Development Tools
T1199 - Trusted Relationship
T1218 - Signed Binary Proxy Execution
T1218.005 - Mshta
T1219 - Remote Access Software
T1457 - Malicious Media Content
T1480 - Execution Guardrails
T1484 - Domain Policy Modification
T1489 - Service Stop
T1490 - Inhibit System Recovery
T1497 - Virtualization/Sandbox Evasion
T1518.001 - Security Software Discovery
T1531 - Account Access Removal
T1543.003 - Windows Service
T1546 - Event Triggered Execution
T1548 - Abuse Elevation Control Mechanism
T1553.002 - Code Signing
T1560 - Archive Collected Data
T1562 - Impair Defenses
T1562.001 - Disable or Modify Tools
T1568 - Dynamic Resolution
T1568.002 - Domain Generation Algorithms
T1572 - Protocol Tunneling
T1573 - Encrypted Channel
T1573.002 - Asymmetric Cryptography
T1574.002 - DLL Side-Loading
T1587.001 - Malware
T1588.002 - Tool
T1608.001 - Upload Malware
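The technique list above is the kind of data a defender maps against detection coverage. The following is an added example, not code from this page or from ETDA/MITRE: it parses entries in the "Txxxx[.yyy] - Name" form shown above, drops duplicates, flags the four revoked IDs named above with their replacements, groups sub-techniques under their parents, and emits an ATT&CK Navigator layer. The sample input is a constructed subset of the entries on this page, and the Navigator layer/version strings are an assumption about the Navigator release in use.

```python
"""Convert a threat-group technique list into an ATT&CK Navigator layer.

Added example for this profile (not the page's or MITRE's own code).
Assumed input: one "Txxxx[.yyy] - Name" entry per line, as listed above.
"""
import json
import re

# Constructed sample: a subset of the entries listed on this page,
# with one deliberate duplicate (T1055) to exercise de-duplication.
SAMPLE_LIST = """\
T1003 - OS Credential Dumping
T1036.003 - Rename System Utilities
T1055 - Process Injection
T1055.009 - Proc Memory
T1060 - Registry Run Keys / Startup Folder
T1574.002 - DLL Side-Loading
T1055 - Process Injection
"""

# Revoked technique IDs and their replacements in current ATT&CK.
# Only the four revocations mentioned on this page are included; extend as needed.
REVOKED = {
    "T1045": "T1027.002",
    "T1060": "T1547.001",
    "T1100": "T1505.003",
    "T1156": "T1546.004",
}

# ID first, then a dash, then the technique name; trailing whitespace ignored.
ENTRY_RE = re.compile(r"^(T\d{4}(?:\.\d{3})?)\s*-\s*(.+?)\s*$")


def parse_techniques(text):
    """Return an ordered list of (id, name) pairs; skip malformed and duplicate lines."""
    seen = set()
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        tid, name = match.group(1), match.group(2)
        if tid in seen:
            continue
        seen.add(tid)
        entries.append((tid, name))
    return entries


def group_by_parent(entries):
    """Map each parent technique ID to the sub-technique IDs listed under it.

    A parent with an empty list was listed without sub-techniques; a parent
    missing from the result was never listed itself (only its sub-techniques).
    """
    grouped = {}
    for tid, _ in entries:
        parent, _, sub = tid.partition(".")
        grouped.setdefault(parent, []) if not sub else None
        if sub:
            grouped.setdefault(parent, []).append(tid)
    return grouped


def build_layer(entries, group_name, score=1):
    """Build a Navigator layer dict; revoked IDs are annotated and coloured red."""
    techniques = []
    for tid, name in entries:
        tech = {"techniqueID": tid, "score": score, "comment": name}
        if tid in REVOKED:
            tech["comment"] += f" (revoked; now {REVOKED[tid]})"
            tech["color"] = "#ff6666"
        techniques.append(tech)
    return {
        "name": group_name,
        # Assumed Navigator/layer format versions; adjust to your deployment.
        "versions": {"layer": "4.5", "navigator": "4.9.1", "attack": "14"},
        "domain": "enterprise-attack",
        "description": f"Techniques attributed to {group_name}",
        "techniques": techniques,
    }


if __name__ == "__main__":
    parsed = parse_techniques(SAMPLE_LIST)
    print(json.dumps(build_layer(parsed, "Vicious Panda"), indent=2))
```

Load the printed JSON into ATT&CK Navigator as a layer; red cells mark IDs that should be re-mapped before comparing against a detection-coverage layer, and `group_by_parent` shows where a parent and one of its sub-techniques are both listed (here T1055 and T1055.009), which usually means the parent entry is redundant.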