GhostEmperor (3c3ca8f3-c6ab-4c5d-9bd0-be6677d6cdeb)
GhostEmperor is a Chinese-speaking threat actor that targets government entities and telecom companies in Southeast Asia. They employ a Windows kernel-mode rootkit called Demodex to gain remote control over their targeted servers. The actor demonstrates a high level of sophistication and uses various anti-forensic and anti-analysis techniques to evade detection. They have been active for a significant period of time and continue to pose a threat to their targets.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Earth Estries (1f7f4a51-c4a8-4365-ade3-83b222e7cb67) | Threat Actor | GhostEmperor (3c3ca8f3-c6ab-4c5d-9bd0-be6677d6cdeb) | Threat Actor | 1 |