cti-ATT-CK-v13.1/enterprise-attack/intrusion-set/intrusion-set--420ac20b-f2b9-42b8-aa1a-6d4b72895ca4.json

{
    "type": "bundle",
    "id": "bundle--728b7aa4-f413-42bf-91aa-f4e9c89fd2bc",
    "spec_version": "2.0",
    "objects": [
        {
            "modified": "2023-03-22T22:01:13.781Z",
            "name": "Mustang Panda",
            "description": "[Mustang Panda](https://attack.mitre.org/groups/G0129) is a China-based cyber espionage threat actor that was first observed in 2017 but may have been conducting operations since at least 2014. [Mustang Panda](https://attack.mitre.org/groups/G0129) has targeted government entities, nonprofits, religious, and other non-governmental organizations in the U.S., Europe, Mongolia, Myanmar, Pakistan, and Vietnam, among others.(Citation: Crowdstrike MUSTANG PANDA June 2018)(Citation: Anomali MUSTANG PANDA October 2019)(Citation: Secureworks BRONZE PRESIDENT December 2019) ",
            "aliases": [
                "Mustang Panda",
                "TA416",
                "RedDelta",
                "BRONZE PRESIDENT"
            ],
            "x_mitre_deprecated": false,
            "x_mitre_version": "2.1",
            "x_mitre_contributors": [
                "Kyaw Pyiyt Htet, @KyawPyiytHtet"
            ],
            "type": "intrusion-set",
            "id": "intrusion-set--420ac20b-f2b9-42b8-aa1a-6d4b72895ca4",
            "created": "2021-04-12T15:56:28.861Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "revoked": false,
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/groups/G0129",
                    "external_id": "G0129"
                },
                {
                    "source_name": "Mustang Panda",
                    "description": "(Citation: Crowdstrike MUSTANG PANDA June 2018)"
                },
                {
                    "source_name": "TA416",
                    "description": "(Citation: Proofpoint TA416 November 2020)"
                },
                {
                    "source_name": "RedDelta",
                    "description": "(Citation: Recorded Future REDDELTA July 2020)(Citation: Proofpoint TA416 Europe March 2022)"
                },
                {
                    "source_name": "BRONZE PRESIDENT",
                    "description": "(Citation: Secureworks BRONZE PRESIDENT December 2019)"
                },
                {
                    "source_name": "Anomali MUSTANG PANDA October 2019",
                    "description": "Anomali Threat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021.",
                    "url": "https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations"
                },
                {
                    "source_name": "Secureworks BRONZE PRESIDENT December 2019",
                    "description": "Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021.",
                    "url": "https://www.secureworks.com/research/bronze-president-targets-ngos"
                },
                {
                    "source_name": "Recorded Future REDDELTA July 2020",
                    "description": "Insikt Group. (2020, July 28). CHINESE STATE-SPONSORED GROUP \u2018REDDELTA\u2019 TARGETS THE VATICAN AND CATHOLIC ORGANIZATIONS. Retrieved April 13, 2021.",
                    "url": "https://go.recordedfuture.com/hubfs/reports/cta-2020-0728.pdf"
                },
                {
                    "source_name": "Crowdstrike MUSTANG PANDA June 2018",
                    "description": "Meyers, A. (2018, June 15). Meet CrowdStrike\u2019s Adversary of the Month for June: MUSTANG PANDA. Retrieved April 12, 2021.",
                    "url": "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-june-mustang-panda/"
                },
                {
                    "source_name": "Proofpoint TA416 November 2020",
                    "description": "Proofpoint Threat Research Team. (2020, November 23). TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader. Retrieved April 13, 2021.",
                    "url": "https://www.proofpoint.com/us/blog/threat-insight/ta416-goes-ground-and-returns-golang-plugx-malware-loader"
                },
                {
                    "source_name": "Proofpoint TA416 Europe March 2022",
                    "description": "Raggi, M. et al. (2022, March 7). The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates. Retrieved March 16, 2022.",
                    "url": "https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "x_mitre_domains": [
                "enterprise-attack"
            ],
            "x_mitre_attack_spec_version": "3.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}