{ "id": "e98399a6-0236-40f7-9aa8-bd5bdb2a02d0", "created_at": "2026-04-06T00:09:14.915054Z", "updated_at": "2026-04-10T03:34:51.686686Z", "deleted_at": null, "sha1_hash": "2acd6feb01f395da58e88dc57922f14ba5b8416f", "title": "404", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 910458, "plain_text": "404\r\nArchived: 2026-04-05 17:54:29 UTC\r\nThis page doesn't exist,\r\nbut your adversaries do\r\n404\r\nThis page doesn't exist,\r\nbut your adversaries do\r\nPopular Resources\r\nhttps://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools\r\nPage 1 of 4\n\nCrowdStrike 2026 Global Threat Report\r\nReport\r\nCrowdStrike 2026 Global Threat Report\r\nDownload the CrowdStrike 2026 Global Threat Report and discover the notable themes, trends, and events across\r\nthe cyber threat landscape.\r\nhttps://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools\r\nPage 2 of 4\n\nState of AI in Cybersecurity\r\nReport\r\nState of AI in Cybersecurity\r\nCrowdStrike surveyed over 1,000 security professionals about GenAI. See what they had to say.\r\nhttps://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools\r\nPage 3 of 4\n\n2025 Top Cybersecurity Trends\r\nCrowdCast Series\r\n2025 Top Cybersecurity Trends\r\nEliminating security silos across AI, identity, SIEM, and cloud.\r\nSource: https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools\r\nhttps://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "Malpedia" ], "references": [ "https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools" ], "report_names": [ "overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools" ], "threat_actors": [ { "id": "19935e32-f1a5-462d-8934-8b1c3bf3b5f2", "created_at": "2022-10-25T16:07:23.36465Z", "updated_at": "2026-04-10T02:00:04.565476Z", "deleted_at": null, "main_name": "Aquatic Panda", "aliases": [ "G0143" ], "source_name": "ETDA:Aquatic Panda", "tools": [ "Agentemis", "Bladabindi", "Cobalt Strike", "CobaltStrike", "Fishmaster", "JollyJellyfish", "Jorik", "cobeacon", "njRAT" ], "source_id": "ETDA", "reports": null }, { "id": "9f101d9c-05ea-48b9-b6f1-168cd6d06d12", "created_at": "2023-01-06T13:46:39.396409Z", "updated_at": "2026-04-10T02:00:03.312816Z", "deleted_at": null, "main_name": "Earth Lusca", "aliases": [ "CHROMIUM", "ControlX", "TAG-22", "BRONZE UNIVERSITY", "AQUATIC PANDA", "RedHotel", "Charcoal Typhoon", "Red Scylla", "Red Dev 10", "BountyGlad" ], "source_name": "MISPGALAXY:Earth Lusca", "tools": [ "RouterGod", "SprySOCKS", "ShadowPad", "POISONPLUG", "Barlaiy", "Spyder", "FunnySwitch" ], "source_id": "MISPGALAXY", "reports": null }, { "id": "ba3eea09-ce30-4cfa-ae3a-b5992c4b81f8", "created_at": "2022-10-25T15:50:23.441443Z", "updated_at": "2026-04-10T02:00:05.263145Z", "deleted_at": null, "main_name": "Aquatic Panda", "aliases": [ "Aquatic Panda" ], "source_name": "MITRE:Aquatic Panda", "tools": [ "Wevtutil", "Winnti for Windows", "njRAT", "Cobalt Strike", "ShadowPad", "Winnti for Linux" ], "source_id": "MITRE", "reports": null }, { "id": "18a7b52d-a1cd-43a3-8982-7324e3e676b7", "created_at": "2025-08-07T02:03:24.688416Z", "updated_at": "2026-04-10T02:00:03.734754Z", "deleted_at": null, "main_name": "BRONZE UNIVERSITY", "aliases": [ "Aquatic Panda", "Aquatic Panda ", "CHROMIUM", "CHROMIUM ", "Charcoal Typhoon", "Charcoal Typhoon ", "Earth Lusca", "Earth Lusca ", "FISHMONGER ", "Red Dev 10", "Red Dev 10 ", "Red Scylla", "Red Scylla ", "RedHotel", "RedHotel ", "Tag-22", "Tag-22 " ], "source_name": "Secureworks:BRONZE UNIVERSITY", "tools": [ "Cobalt Strike", "Fishmaster", "FunnySwitch", "Spyder", "njRAT" ], "source_id": "Secureworks", "reports": null } ], "ts_created_at": 1775434154, "ts_updated_at": 1775792091, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/2acd6feb01f395da58e88dc57922f14ba5b8416f.pdf", "text": "https://archive.orkl.eu/2acd6feb01f395da58e88dc57922f14ba5b8416f.txt", "img": "https://archive.orkl.eu/2acd6feb01f395da58e88dc57922f14ba5b8416f.jpg" } }