Specter
Specter is a customized malware family used by the China-aligned espionage actor Phantom Taurus. Unit 42 reported Phantom Taurus using the Specter malware family alongside Ntospy and the NET-STAR malware suite during long-term intelligence collection operations targeting government and telecommunications organizations across Africa, the Middle East, and Asia. The actor’s targeting has included ministries of foreign affairs, embassies, diplomatic communications, defense-related intelligence, and activity associated with geopolitical events and military operations, aligning with PRC state interests. The content references Specter as a malware family and specifically mentions variants or related names including TunnelSpecter and SweetSpecter. No additional high-confidence technical details, infection vector, or standalone indicators of compromise specific to Specter are provided in the supplied content.
Groups observed using it
1 distinct threat actor attributed by public researchers.
These include the Specter malware family, Ntospy and NET-STAR, a newly identified malware suite.
Recent activity
5 sources tracked across advisories, community write-ups, and news.
Customized malware family used by the Phantom Taurus espionage actor as part of its implant/tooling set.
A named malware family used by Phantom Taurus; specific capabilities are not described in the provided content.
Custom malware family used by Phantom Taurus; specific functionality not detailed in the provided content beyond being part of the actor’s bespoke toolset (with named components TunnelSpecter and SweetSpecter listed in TTPs).
Custom malware family used by Phantom Taurus; the content does not provide technical details beyond naming variants (TunnelSpecter, SweetSpecter) as part of the actor toolset.