Zeus Panda - Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 12:39:56 UTC
Home > List all groups > List all tools > List all groups using tool Zeus Panda
 Tool: Zeus Panda
Names
Zeus Panda
ZeusPanda
PandaBanker
Category Malware
Type Banking trojan, Info stealer, Credential stealer, Downloader, Botnet
Description
(Proofpoint) Banking Trojans work by injecting code into web pages as they are viewed
on infected machines, allowing the malware to harvest banking credentials and credit
card information as victims interact with legitimate sites. Most often, the injects -- the
code that actually performs the man-in-the-browser attacks -- are configured for region-specific banking sites. More recently, we have seen injects for online payment sites,
casinos, retailers, and more appearing in banking Trojan campaigns.
Since November -- a period of time that includes Thanksgiving, Black Friday, Cyber
Monday and now leading up to Christmas -- we have observed Zeus Panda banking
Trojan campaigns that have an increasing focus on non-banking targets with an
extensive list of injects clearly designed to capitalize on holiday shopping and activities.
Information

banks>
MITRE ATT&CK Malpedia AlienVault OTX Last change to this tool card: 28 December 2022
Download this tool card in JSON format
All groups using tool Zeus Panda
Changed Name Country Observed
Other groups
 Bamboo Spider, TA544 [Unknown] 2016-Apr 2022
 TA516 [Unknown] 2016-Feb 2020
2 groups listed (0 APT, 2 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=863ac646-bf1b-4f62-8a85-7b4569a88808
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=863ac646-bf1b-4f62-8a85-7b4569a88808
Page 2 of 2