Vicious Panda

Also known as: SixLittleMonkeys, Vicious Panda

Check Point Research discovered a new campaign against the Mongolian public sector, which takes advantage of the current Coronavirus scare, in order to deliver a previously unknown malware implant to the target. A closer look at this campaign allowed us to tie it to other operations which were carried out by the same anonymous group, dating back to at least 2016. Over the years, these operations targeted different sectors in multiple countries, such as Ukraine, Russia, and Belarus.

🌍 Country China

Targeted Victims

Belarus Russia Mongolia Ukraine

Introduction

Check Point Research discovered a new campaign against the Mongolian public sector, which takes advantage of the current Coronavirus scare, in order to deliver a previously unknown malware implant to the target. A closer look at this campaign allowed us to tie it to other operations which were carried out by the same anonymous group, dating back to at least 2016. Over the years, these operations targeted different sectors in multiple countries, such as Ukraine, Russia, and Belarus.

Activities and Tactics

Country of Origin: 🇨🇳 China

Suspected Victims: Belarus, Russia, Mongolia, Ukraine

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • Unknown Logger
  • Back Orifice
  • Back Orifice 2000
  • Virus RAT
  • Microcin:
  • BYEBY:
  • Mikroceen:

Attribution and Evidence

Country of Origin: China Additional attribution information pending cataloguing.

References

References pending cataloguing.