CrowdStrike has been actively tracking an advanced adversary group known as Gothic Panda. Known for high-profile targeting of government research groups, financial institutions, and companies in the development sector, the adversary's activity has been hallmarked by the reuse of the malware Pirpi, which has evolved since 2009. It is speculated they are using compromised servers for hosting control infrastructure as an operational security measure. It is believed that this adversary originates from the People's Republic of China and likely will resurface in 2015. This presentation will provide an analysis of hallmarks of the malware Pirpi, as well as explore the origins of this adversary.