#listofaptgroups

APT12,, currently inactive used spear phishing to deliver malware containing Etumbot, RIPTIDE, Mswab, Gh0st, ShowNews and other components.

Type: Nation-State-SponsoredAPT3 Status: Believed ActiveAPT3 Other Names: Gothic Panda/ UPS/ Pirpi/ Operation Clandestine Fox/ TG-0110/ BuckEye/ Group 6/ Operation Double Tap/ Operation Clandestine Wolf APT3 Target Sectors: energy sector, financial sector, technology industries, NGO/ International arena, aerospace and defense organizations, telecommunication companies, construction, high-tech, and transportation organizations Malware: Pirpi capable of gathering network adapter information, downloading files to memory, deleting files, listing directories, uploading files to the C2, executing processes, and other functionalities PlugX Kaba PluginDetect SHOTPUT backdoor (Backdoor APT CookieCutter) SportsLoader

Type: Nation-State-SponsoredAPT3 Status: Believed ActiveAPT3 Other Names: Gothic Panda/ UPS/ Pirpi/ Operation Clandestine Fox/ TG-0110/ BuckEye/ Group 6/ Operation Double Tap/ Operation Clandestine Wolf APT3 Target Sectors: energy sector, financial sector, technology industries, NGO/ International arena, aerospace and defense organizations, telecommunication companies, construction, high-tech, and transportation organizations Malware: Pirpi capable of gathering network adapter information, downloading files to memory, deleting files, listing directories, uploading files to the C2, executing processes, and other functionalities PlugX Kaba PluginDetect SHOTPUT backdoor (Backdoor APT CookieCutter) SportsLoader

APT12,, currently inactive used spear phishing to deliver malware containing Etumbot, RIPTIDE, Mswab, Gh0st, ShowNews and other components.