Pacha Group

Description

(Intezer) Antd is a miner found in the wild on September 18, 2018. Recently we discovered that the authors from Antd are actively delivering newer campaigns deploying a broad number of components, most of them completely undetected and operating within compromised third party Linux servers. Furthermore, we have observed that some of the techniques implemented by this group are unconventional, and there is an element of sophistication to them. We believe the authors behind this malware are from Chinese origin. We have labeled the undetected Linux.Antd variants, Linux.GreedyAntd and classified the threat actor as Pacha Group.

Names

Name	Name-Giver
Pacha Group	Intezer

Country

China

Motivation

Financial gain

First Seen

2018

Tools

Operations

2018-09: Intezer has evidence dating back to September 2018 which shows Pacha Group has been using a cryptomining malware that has gone undetected on other engines. https://www.intezer.com/blog-pacha-group-deploying-undetected-cryptojacking-campaigns/
2019-05: Pacha Group Competing against Rocke, Iron Group Group for Cryptocurrency Mining Foothold on the Cloud https://www.intezer.com/blog-technical-analysis-cryptocurrency-mining-war-on-the-cloud/

Information

https://www.intezer.com/blog-technical-analysis-pacha-group/

Other Information

Uuid

4ca48576-dcc1-42dc-84c9-5201977aa56b

Last Card Change

2020-04-15

Threat Intelligence Garden

Explorer

Pacha Group

Pacha Group

Description

Names

Country

Motivation

First Seen

Tools

Operations

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks