{
	"id": "9b03fe68-0503-4234-bc31-c3c92f5703fc",
	"created_at": "2026-04-06T03:36:12.21258Z",
	"updated_at": "2026-04-10T13:11:20.041591Z",
	"deleted_at": null,
	"sha1_hash": "700ef22b6d21430789593aed327e99febb6b6835",
	"title": "Putter Panda, APT 2 - Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 53806,
	"plain_text": "Putter Panda, APT 2 - Threat Group Cards: A Threat Actor\r\nEncyclopedia\r\nArchived: 2026-04-06 03:13:07 UTC\r\nHome \u003e List all groups \u003e Putter Panda, APT 2\r\n APT group: Putter Panda, APT 2\r\nNames\r\nPutter Panda (CrowdStrike)\r\nTG-6952 (SecureWorks)\r\nAPT 2 (Mandiant)\r\nGroup 36 (Talos)\r\nSulphur (Microsoft)\r\nSearchFire (?)\r\n4HCrew (?)\r\nG0024 (MITRE)\r\nCountry China\r\nSponsor\r\nState-sponsored, Unit 61486 of the 12th Bureau of the PLA’s 3rd General Staff\r\nDepartment (GSD)\r\nMotivation Information theft and espionage\r\nFirst seen 2007\r\nDescription\r\nPutter Panda is the name of bad actor responsible for a series of cyberespionage\r\noperations originating in Shanghai, security experts linked its operation to the activity of\r\nthe People’s Liberation Army 3rd General Staff Department 12th Bureau Unit 61486.\r\nA fake yoga brochure was one of different emails used for a spear-phishing campaign\r\nconducted by the stealth Chinese cyber unit according an investigation conducted by\r\nresearchers at the CrowdStrike security firm. Also in this case the experts believe that\r\nwe are facing with a large scale cyberespionage campaign targeting government entities,\r\ncontractors and research companies in Europe, USA and Japan.\r\nThe group has been operating since at least 2007 and appears very interested in research\r\ncompanies in the space and satellite industry, experts at CrowdStrike have collected\r\nevidence of a numerous attacks against these industries.\r\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=028aa521-2de8-49c4-88d7-455f4d9141ba\r\nPage 1 of 2\n\nObserved\nSectors: Defense, Government, Research, Technology.\nCountries: USA.\nTools used 3PARA RAT, 4H RAT, httpclient, MSUpdater, pngdowner.\nInformation\nMITRE ATT\u0026CK Last change to this card: 16 August 2025\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=028aa521-2de8-49c4-88d7-455f4d9141ba\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=028aa521-2de8-49c4-88d7-455f4d9141ba\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=028aa521-2de8-49c4-88d7-455f4d9141ba"
	],
	"report_names": [
		"showcard.cgi?u=028aa521-2de8-49c4-88d7-455f4d9141ba"
	],
	"threat_actors": [
		{
			"id": "abd17060-62f6-4743-95e8-3f23c82cc229",
			"created_at": "2022-10-25T15:50:23.428772Z",
			"updated_at": "2026-04-10T02:00:05.365894Z",
			"deleted_at": null,
			"main_name": "Putter Panda",
			"aliases": [
				"Putter Panda",
				"APT2",
				"MSUpdater"
			],
			"source_name": "MITRE:Putter Panda",
			"tools": [
				"pngdowner",
				"3PARA RAT",
				"4H RAT",
				"httpclient"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "468b7acd-895c-4c93-b572-b42f4035b4d4",
			"created_at": "2023-01-06T13:46:38.265636Z",
			"updated_at": "2026-04-10T02:00:02.902436Z",
			"deleted_at": null,
			"main_name": "APT2",
			"aliases": [
				"MSUpdater",
				"4HCrew",
				"SearchFire",
				"TG-6952",
				"G0024",
				"PLA Unit 61486",
				"PUTTER PANDA"
			],
			"source_name": "MISPGALAXY:APT2",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "4b066585-3591-4ddd-b3cc-f4e19e0e00ef",
			"created_at": "2022-10-25T16:07:24.086915Z",
			"updated_at": "2026-04-10T02:00:04.862463Z",
			"deleted_at": null,
			"main_name": "Putter Panda",
			"aliases": [
				"4HCrew",
				"APT 2",
				"G0024",
				"Group 36",
				"Putter Panda",
				"SearchFire",
				"TG-6952"
			],
			"source_name": "ETDA:Putter Panda",
			"tools": [
				"3PARA RAT",
				"4H RAT",
				"4h_rat",
				"MSUpdater",
				"httpclient",
				"pngdowner"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775446572,
	"ts_updated_at": 1775826680,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/700ef22b6d21430789593aed327e99febb6b6835.pdf",
		"text": "https://archive.orkl.eu/700ef22b6d21430789593aed327e99febb6b6835.txt",
		"img": "https://archive.orkl.eu/700ef22b6d21430789593aed327e99febb6b6835.jpg"
	}
}