Deep Panda
Also known as: Shell Crew · WebMasters · KungFu Kittens · PinkPanther · Black Vine
Overview
Deep Panda is a suspected Chinese threat group known to target many industries, including government, defense, financial, and telecommunications. The intrusion into healthcare company Anthem has been attributed to Deep Panda. This group is also known as Shell Crew, WebMasters, KungFu Kittens, and PinkPanther. Deep Panda also appears to be known as Black Vine based on the attribution of both group names to the Anthem intrusion. Some analysts track Deep Panda and APT19 as the same group, but it is unclear from open source information if the groups are the same.
Targets
Finance · Military · Non-profit Organisation · Private sector · Technology
Regions
United States
Capabilities
- Custom malware/implant development — ATT&CK: 4 attributed custom malware families
TTPs — 10 techniques across 6 tactics
Execution
- T1047 Windows Management Instrumentation
- T1059.001 PowerShell
Persistence
- T1505.003 Web Shell
Privilege Escalation
- T1546.008 Accessibility Features
Stealth
- T1027.005 Indicator Removal from Tools
- T1218.010 Regsvr32
- T1564.003 Hidden Window
Discovery
- T1018 Remote System Discovery
- T1057 Process Discovery
Lateral Movement
- T1021.002 SMB/Windows Admin Shares
Tools & malware (7)
Mivast · Ping · Net · StreamEx · Sakula · Tasklist · Derusbi
Reporting (3)
- ICIT Brief - China’s Espionage Dynasty: Economic Death by a Thousand Cuts — Scott, J. and Spaniel, D.
- The Black Vine cyberespionage group — DiMaggio, J.
- The Anthem Hack: All Roads Lead to China — ThreatConnect Research Team