Temper Panda, admin@338 - Threat Group Cards: A Threat Actor
Encyclopedia
Archived: 2026-04-05 13:39:38 UTC
Home > List all groups > Temper Panda, admin@338
 APT group: Temper Panda, admin@338
Names
Temper Panda (Crowdstrike)
admin@338 (FireEye)
Team338 (Kaspersky)
Magnesium (Microsoft)
G0018 (MITRE)
Country China
Motivation Information theft and espionage
First seen 2014
Description
(FireEye) The threat group has previously used newsworthy events as lures to deliver
malware. They have largely targeted organizations involved in financial, economic and
trade policy, typically using publicly available RATs such as Poison Ivy, as well some
non-public backdoors.
The group started targeting Hong Kong media companies, probably in response to
political and economic challenges in Hong Kong and China. The threat group’s latest
activity coincided with the announcement of criminal charges against democracy
activists. During the past 12 months, Chinese authorities have faced several challenges,
including large-scale protests in Hong Kong in late 2014, the precipitous decline in the
stock market in mid-2015, and the massive industrial explosion in Tianjin in August
2015. In Hong Kong, the pro-democracy movement persists, and the government
recently denied a professor a post because of his links to a pro-democracy leader.
Observed
Sectors: Defense, Financial, Government, Media, Think Tanks.
Countries: Hong Kong, USA.
Tools used Bozok, BUBBLEWRAP, LOWBALL, Poison Ivy, Living off the Land.
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d54adbf5-1684-4824-8416-045b3265eb3d
Page 1 of 2

Information
MITRE ATT&CK Last change to this card: 16 August 2025
Download this actor card in PDF or JSON format
Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d54adbf5-1684-4824-8416-045b3265eb3d
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d54adbf5-1684-4824-8416-045b3265eb3d
Page 2 of 2