G0143 · 35 ATT&CK techniques · 0 correlated reports

Aquatic Panda

Aliases: None listed

Aquatic Panda is a suspected China-based threat group with a dual mission of intelligence collection and industrial espionage. Active since at least May 2020, Aquatic Panda has primarily targeted entities in the telecommunications, technology, and government sectors.

Open interactive actor investigation

ATT&CK techniques

T1027.010
Command Obfuscation T1087
Account Discovery T1070.004
File Deletion T1059.004
Unix Shell T1021.002
SMB/Windows Admin Shares T1036.004
Masquerade Task or Service T1574.006
Dynamic Linker Hijacking T1070.003
Clear Command History T1543.003
Windows Service T1550.002
Pass the Hash T1574.001
DLL Search Order Hijacking T1021.001
Remote Desktop Protocol T1005
Data from Local System T1070.001
Clear Windows Event Logs T1105
Ingress Tool Transfer T1007
System Service Discovery T1654
Log Enumeration T1021.004
SSH T1112
Modify Registry T1036.005
Match Legitimate Name or Location T1588.001
Malware T1518.001
Security Software Discovery T1059.003
Windows Command Shell T1562.001
Disable or Modify Tools T1033
System Owner/User Discovery T1047
Windows Management Instrumentation T1588.002
Tool T1595.002
Vulnerability Scanning T1003.001
LSASS Memory T1021
Remote Services T1082
System Information Discovery T1218.011
Rundll32 T1078.002
Domain Accounts T1560.001
Archive via Utility T1059.001
PowerShell

Correlated CTI and IR reports

Continue the investigation

Interactive ThreatMapper ThreatMapper documentation CTI Analyst Field Manual Israel Threat Actors CTI Anomaly Detection Atlas ITDR Handbook 1200km Medium research