ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > Pacha Group

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Other threat group: Pacha Group

NamesPacha Group (Intezer)
CountryChina China
MotivationFinancial gain
First seen2018
Description(Intezer) Antd is a miner found in the wild on September 18, 2018. Recently we discovered that the authors from Antd are actively delivering newer campaigns deploying a broad number of components, most of them completely undetected and operating within compromised third party Linux servers. Furthermore, we have observed that some of the techniques implemented by this group are unconventional, and there is an element of sophistication to them. We believe the authors behind this malware are from Chinese origin. We have labeled the undetected Linux.Antd variants, Linux.GreedyAntd and classified the threat actor as Pacha Group.
Observed
Tools usedAntd, DDG, Korkerds, XMRig.
Operations performedSep 2018Intezer has evidence dating back to September 2018 which shows Pacha Group has been using a cryptomining malware that has gone undetected on other engines.
<https://www.intezer.com/blog-pacha-group-deploying-undetected-cryptojacking-campaigns/>
May 2019Pacha Group Competing against Rocke, Iron Group Group for Cryptocurrency Mining Foothold on the Cloud
<https://www.intezer.com/blog-technical-analysis-cryptocurrency-mining-war-on-the-cloud/>
Information<https://www.intezer.com/blog-technical-analysis-pacha-group/>

Last change to this card: 15 April 2020

Download this actor card in PDF or JSON format

Previous: Operation Windigo
Next: Parinacota

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]