Based on the evidence we have presented Symantec attributed the activity involving theDripion malware to the Budminer advanced threat group. While we have not seen newcampaigns using Taidoor malware since 2014, we believe the Budminer group has changedtactics to avoid detection after being outed publicly in security white papers and blogs over thepast few years.
Also known as
Budminer cyberespionage group.
References
Actor metadata imported from Malpedia (Fraunhofer FKIE).