🇨🇳
Stone Panda
APT Group
Information theft and espionage
3 zero-day CVEs
ETDA ✓
Also Known As 16 names
ATK41
BRONZE RIVERSIDE
CVNX
Cicada
Cloud Hopper
G0045
Granite Taurus
HOGFISH
Menupass Team
POTASSIUM
Purple Typhoon
Red Apollo
APT10
TA429
happyyongzi
APT 10
Target Countries 29
Australia
Belgium
Brazil
Canada
Switzerland
China
Germany
Finland
France
United Kingdom
Hong Kong
Israel
India
Italy
Japan
Republic of Korea
Montenegro
Netherlands
Norway
Philippines
Sweden
Singapore
Thailand
Turkey
Taiwan, Province of China
United States
Vietnam
South Africa
Zambia
Sectors Targeted
Pharmaceutical
NGOs
Grantmaking and Giving Services (NAICS 8132)
Defense
Oil and Gas Extraction (NAICS 211)
IT
Telecommunications
Motor Vehicle Manufacturing (NAICS 3361)
Healthcare
Other Amusement and Recreation Industries (NAICS 7139)
Civic and Social Organizations (NAICS 8134)
Energy
Aerospace
Media
MSPs
Government
High-Tech
Computer Systems Design and Related Services (NAICS 54151)
Offices of Lawyers (NAICS 541110)
Financial
Performing Arts Companies (NAICS 7111)
Computer Systems Design Services (NAICS 541512)
Internet Publishing and Broadcasting and Web Search Portals (NAICS 51913)
Details
Origin
🇨🇳 CN
Last Updated
28 May 2025
Malware Families 10
dilljuice
hui_loader
sorgu
unidentified_075
zhmimikatz
anel
pushdo
NewCore
darkstrat
clipper
MITRE ATT&CK 137
T1003 - OS Credential Dumping
T1003.002 - Security Account Manager
T1003.003 - NTDS
T1003.004 - LSA Secrets
T1005 - Data from Local System
T1011 - Exfiltration Over Other Network Medium
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Desktop Protocol
T1021.002 - SMB/Windows Admin Shares
T1021.004 - SSH
T1027 - Obfuscated Files or Information
T1027.002 - Software Packing
T1027.004 - Compile After Delivery
T1027.013 - Encrypted/Encoded File
T1030 - Data Transfer Size Limits
T1036 - Masquerading
T1036.003 - Rename System Utilities
T1036.005 - Match Legitimate Name or Location
T1039 - Data from Network Shared Drive
T1045 - Software Packing
T1046 - Network Service Discovery
T1047 - Windows Management Instrumentation
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1055 - Process Injection
T1055.012 - Process Hollowing
T1056 - Input Capture
T1056.001 - Keylogging
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.005 - Visual Basic
T1060 - Registry Run Keys / Startup Folder
T1068 - Exploitation for Privilege Escalation
T1069 - Permission Groups Discovery
T1069.002 - Domain Groups
T1070 - Indicator Removal on Host
T1070.003 - Clear Command History
T1070.004 - File Deletion
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1071.004 - DNS
T1072 - Software Deployment Tools
T1074 - Data Staged
T1074.001 - Local Data Staging
T1074.002 - Remote Data Staging
T1078 - Valid Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1087.002 - Domain Account
T1090 - Proxy
T1090.002 - External Proxy
T1095 - Non-Application Layer Protocol
T1102 - Web Service
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1106 - Native API
T1112 - Modify Registry
T1113 - Screen Capture
T1115 - Clipboard Data
T1119 - Automated Collection
T1123 - Audio Capture
T1124 - System Time Discovery
T1127 - Trusted Developer Utilities Proxy Execution
T1129 - Shared Modules
T1132 - Data Encoding
T1133 - External Remote Services
T1134 - Access Token Manipulation
T1136 - Create Account
T1137 - Office Application Startup
T1140 - Deobfuscate/Decode Files or Information
T1143 - Hidden Window
T1158 - Hidden Files and Directories
T1176 - Browser Extensions
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1192 - Spearphishing Link
T1194 - Spearphishing via Service
T1195 - Supply Chain Compromise
T1199 - Trusted Relationship
T1204 - User Execution
T1204.002 - Malicious File
T1210 - Exploitation of Remote Services
T1213.001 - Confluence
T1218 - System Binary Proxy Execution
T1218.004 - InstallUtil
T1219 - Remote Access Software
T1449 - Exploit SS7 to Redirect Phone Calls/SMS
T1474 - Supply Chain Compromise
T1480 - Execution Guardrails
T1497 - Virtualization/Sandbox Evasion
T1518 - Software Discovery
T1543 - Create or Modify System Process
T1543.003 - Windows Service
T1546 - Event Triggered Execution
T1547 - Boot or Logon Autostart Execution
T1548.002 - Bypass User Account Control
T1552 - Unsecured Credentials
T1553 - Subvert Trust Controls
T1553.002 - Code Signing
T1558 - Steal or Forge Kerberos Tickets
T1560 - Archive Collected Data
T1560.001 - Archive via Utility
T1562 - Impair Defenses
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1566.002 - Spearphishing Link
T1568 - Dynamic Resolution
T1568.001 - Fast Flux DNS
T1568.002 - Domain Generation Algorithms
T1569 - System Services
T1570 - Lateral Tool Transfer
T1571 - Non-Standard Port
T1573 - Encrypted Channel
T1573.002 - Asymmetric Cryptography
T1574 - Hijack Execution Flow
T1574.001 - DLL Search Order Hijacking
T1574.002 - DLL Side-Loading
T1574.006 - Dynamic Linker Hijacking
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1583.005 - Botnet
T1587.001 - Malware
T1588 - Obtain Capabilities
T1588.001 - Malware
T1588.002 - Tool
T1590 - Gather Victim Network Information
T1591 - Gather Victim Org Information
T1608.001 - Upload Malware
TA0011 - Command and Control
TA0037 - Command and Control (Mobile)