Putter Panda
Also known as: APT2 · MSUpdater
Overview
Putter Panda is a Chinese threat group that has been attributed to Unit 61486 of the 12th Bureau of the PLA’s 3rd General Staff Department (GSD).
Targets
Government · Private sector
Regions
U.S. satellite and aerospace sector
Capabilities
- Custom malware/implant development — ATT&CK: 4 attributed custom malware families
TTPs — 4 techniques across 3 tactics
Persistence
- T1547.001 Registry Run Keys / Startup Folder
Stealth
- T1027.013 Encrypted/Encoded File
- T1055.001 Dynamic-link Library Injection
Defense Impairment
- T1685 Disable or Modify Tools
Tools & malware (4)
pngdowner · 3PARA RAT · 4H RAT · httpclient
Reporting (2)
- Puttering into the Future — Gross, J. and Walter, J.
- CrowdStrike Intelligence Report: Putter Panda — Crowdstrike Global Intelligence Team