Clankerusecase
Threat-actor profile

🌐Putter Panda

🌐 Putter Panda is a tracked threat actor in the Clankerusecase corpus. ??-aligned. Primary motivation: State. We map 14 detection use cases to this actor across 4 MITRE ATT&CK techniques, with 0 threat-intel articles citing them.

14 Use cases
0 Articles
4 Techniques
0 IOCs

About this actor (MITRE)

[Putter Panda](https://attack.mitre.org/groups/G0024) is a Chinese threat group that has been attributed to Unit 61486 of the 12th Bureau of the PLA’s 3rd General Staff Department (GSD). (Citation: CrowdStrike Putter Panda)

Known aliases

Putter Panda, APT2, MSUpdater

Top techniques

All other tracked techniques

Detection use cases (14)

- Putter Panda (APT2 / MSUpdater) Run-key persistence invoking rundll32 against user-writable DLL (AI · profile SΣ)
- Putter Panda DLL side-loading: signed binary executing from user-writable path with co-located unsigned DLL (AI · profile S)
- Cisco ASA - Core Syslog Message Volume Drop (MITRE match)
- Cisco ASA - Logging Disabled via CLI (MITRE match)
- Cisco ASA - Logging Filters Configuration Tampering (MITRE match)
- ESXi Download Errors (MITRE match)
- ESXi Encryption Settings Modified (MITRE match)
- ESXi Lockdown Mode Disabled (MITRE match)
- Loading Of Dynwrapx Module (MITRE match)
- PowerShell PInvoke Process Injection API Chain (MITRE match)
- Registry Keys Used For Persistence (MITRE match)
- Windows Boot or Logon Autostart Execution In Startup Folder (MITRE match)
- Windows NorthStar C2 Agent Execution (MITRE match)
- Windows Obfuscated Files or Information via RAR SFX (MITRE match)