G0009 · 10 ATT&CK techniques · 0 correlated reports

Deep Panda

Aliases: Shell Crew, WebMasters, KungFu Kittens, PinkPanther, Black Vine

Deep Panda is a suspected Chinese threat group known to target many industries, including government, defense, financial, and telecommunications. The intrusion into healthcare company Anthem has been attributed to Deep Panda. This group is also known as Shell Crew, WebMasters, KungFu Kittens, and PinkPanther. Deep Panda also appears to be known as Black Vine based on the attribution of both group names to the Anthem intrusion. Some analysts track Deep Panda and APT19 as the same group, but it is unclear from open source information if the groups are the same.

Open interactive actor investigation

ATT&CK techniques

T1057
Process Discovery T1018
Remote System Discovery T1505.003
Web Shell T1027.005
Indicator Removal from Tools T1218.010
Regsvr32 T1564.003
Hidden Window T1059.001
PowerShell T1546.008
Accessibility Features T1047
Windows Management Instrumentation T1021.002
SMB/Windows Admin Shares

Correlated CTI and IR reports

Continue the investigation

Interactive ThreatMapper ThreatMapper documentation CTI Analyst Field Manual Israel Threat Actors CTI Anomaly Detection Atlas ITDR Handbook 1200km Medium research