{
    "type": "bundle",
    "id": "bundle--f21dc752-c30f-4e1d-8ee6-dc6a3880da7a",
    "spec_version": "2.0",
    "objects": [
        {
            "aliases": [
                "APT18",
                "TG-0416",
                "Dynamite Panda",
                "Threat Group-0416"
            ],
            "x_mitre_domains": [
                "enterprise-attack"
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "id": "intrusion-set--38fd6a28-3353-4f2b-bb2b-459fecd5c648",
            "type": "intrusion-set",
            "created": "2017-05-31T21:31:57.733Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/groups/G0026",
                    "external_id": "G0026"
                },
                {
                    "source_name": "APT18",
                    "description": "(Citation: ThreatStream Evasion Analysis)(Citation: Anomali Evasive Maneuvers July 2015)"
                },
                {
                    "source_name": "TG-0416",
                    "description": "(Citation: ThreatStream Evasion Analysis)(Citation: Anomali Evasive Maneuvers July 2015)"
                },
                {
                    "source_name": "Dynamite Panda",
                    "description": "(Citation: ThreatStream Evasion Analysis)(Citation: Anomali Evasive Maneuvers July 2015)"
                },
                {
                    "source_name": "Threat Group-0416",
                    "description": "(Citation: ThreatStream Evasion Analysis)"
                },
                {
                    "url": "http://www.secureworks.com/resources/blog/where-you-at-indicators-of-lateral-movement-using-at-exe-on-windows-7-systems/",
                    "description": "Carvey, H.. (2014, September 2). Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems. Retrieved January 25, 2016.",
                    "source_name": "Dell Lateral Movement"
                },
                {
                    "url": "https://www.threatstream.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop",
                    "description": "Shelmire, A.. (2015, July 6). Evasive Maneuvers. Retrieved January 22, 2016.",
                    "source_name": "ThreatStream Evasion Analysis"
                },
                {
                    "source_name": "Anomali Evasive Maneuvers July 2015",
                    "url": "https://www.anomali.com/blog/evasive-maneuvers-the-wekby-group-attempts-to-evade-analysis-via-custom-rop",
                    "description": "Shelmire, A. (2015, July 06). Evasive Maneuvers by the Wekby group with custom ROP-packing and DNS covert channels. Retrieved November 15, 2018."
                }
            ],
            "modified": "2020-03-30T18:46:16.853Z",
            "name": "APT18",
            "description": "[APT18](https://attack.mitre.org/groups/G0026) is a threat group that has operated since at least 2009 and has targeted a range of industries, including technology, manufacturing, human rights groups, government, and medical. (Citation: Dell Lateral Movement)",
            "x_mitre_version": "2.1",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}