Stone Panda

Type: Believed Cyber-mercenary

Stone Panda APT Status: Active May 2010-Oct. 2013; current status unknown

Target Sectors: Healthcare, Defense, Aerospace, Government


  • PoisonIvy RAT
    • GUI
    • widely available
    • Capable of: renaming, deleting, uploading, downloading or executing files; viewing or editing registry keys; viewing, suspending, or killing running processes; viewing or terminating network connections; viewing and controlling services; viewing or disabling installed devices; enumerating, deleting, or uninstalling programs
    • Capable of logging keystrokes, taking screenshots, recording audio or webcam footage, and by capturing saved passwords and hashes
  • IEChecker/ EvilGrab
    • Capture audio, video, screenshots, and keystrokes

Preferred Attack Vector:  Spear phishing emails


  • Focus on reconnaissance, lateral movement, and data exfiltration