GopherWhisper

Also known as: GopherWhisper

Profile

GopherWhisper is a China-aligned APT that routes C2 traffic through legitimate enterprise platforms such as Slack, Discord, and Microsoft 365 Outlook to evade detection. Its toolkit includes the LaxGopher backdoor for Slack, RatGopher for Discord, and CompactGopher for data exfiltration via file.io. The group employs DLL side-loading via JabGopher, and its SSLORDoor backdoor uses raw OpenSSL socket C2 on port 443. GopherWhisper has targeted Mongolian government entities and is assessed to have additional unidentified victims in Central Asia.

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: LongNosedGoblin
Actor: UTA0388
Actor: GOFFEE
Actor: Worok
Actor: APT16
Software: WhisperGate

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.