
Bookworm malware used by Mustang Panda since 2015

Malware Activity
Happening score (H score): 28
1 unique source, 1 article

Summary


The long-running Bookworm malware used by Mustang Panda remains a serious threat because it can maintain control over compromised systems. It supports arbitrary commands, file transfer, data exfiltration, and persistent access. A separate March wave targeted ASEAN countries, showing continued operational use of the tool.

Related Happenings

Showboat Linux post-exploitation backdoor framework

Malware Activity
First: 21.05.2026 17:17 Last: 21.05.2026 17:17 Sources 1

About this happening: The **Showboat** Linux malware has been identified as a **modular post-exploitation framework** used since **at least mid-2022**, raising the risk of persistent access on compromi...

Webworm EchoCreep and GraphWorm backdoor expansion

Malware Activity
First: 20.05.2026 15:51 Last: 20.05.2026 15:51 Sources 1

About this happening: **Webworm** expanded its malware arsenal in **2025** with the custom backdoors **EchoCreep** and **GraphWorm**, increasing its ability to run stealthy **command-and-control** oper...

ABCDoor backdoor activity in Silver Fox attacks

Malware Activity
First: 04.05.2026 14:35 Last: 04.05.2026 14:35 Sources 1

About this happening: The newly identified **ABCDoor** backdoor is being used in **real-world attacks** by **Silver Fox**, expanding the group's malware set and increasing the risk of covert remote acc...

Mustang Panda, CL-STA-1048, and CL-STA-1049 Southeast Asia government campaign

Campaign
First: 30.03.2026 10:00 Last: 30.03.2026 10:00 Sources 1

About this happening: Three **China-aligned** clusters targeted a **government organization in Southeast Asia**, signaling a **coordinated campaign** built for long-term access. The activity spans **Mu...

UAT-9244 TernDoor, PeerTime, and BruteEntry malware activity

Malware Activity
First: 06.03.2026 01:19 Last: 06.03.2026 01:19 Sources 1

About this happening: A **China-linked** malware cluster has been using **TernDoor**, **PeerTime**, and **BruteEntry** to compromise **telecommunication providers in South America** and turn infected s...

Timeline

  1. 27.09.2025 15:06 2 articles · 8mo ago

    Mustang Panda's Bookworm use since 2015 and March ASEAN targeting

    Technical Analysis Update

    Bookworm malware used by Mustang Panda since 2015 supports arbitrary command execution, file upload and download, data exfiltration, and persistent access, while a separate March campaign used DLL side-loading and legitimate-looking domains or compromised infrastructure to distribute the malware to ASEAN-affiliated countries.
