{ "type": "bundle", "id": "bundle--728b7aa4-f413-42bf-91aa-f4e9c89fd2bc", "spec_version": "2.0", "objects": [ { "modified": "2023-03-22T22:01:13.781Z", "name": "Mustang Panda", "description": "[Mustang Panda](https://attack.mitre.org/groups/G0129) is a China-based cyber espionage threat actor that was first observed in 2017 but may have been conducting operations since at least 2014. [Mustang Panda](https://attack.mitre.org/groups/G0129) has targeted government entities, nonprofits, religious, and other non-governmental organizations in the U.S., Europe, Mongolia, Myanmar, Pakistan, and Vietnam, among others.(Citation: Crowdstrike MUSTANG PANDA June 2018)(Citation: Anomali MUSTANG PANDA October 2019)(Citation: Secureworks BRONZE PRESIDENT December 2019) ", "aliases": [ "Mustang Panda", "TA416", "RedDelta", "BRONZE PRESIDENT" ], "x_mitre_deprecated": false, "x_mitre_version": "2.1", "x_mitre_contributors": [ "Kyaw Pyiyt Htet, @KyawPyiytHtet" ], "type": "intrusion-set", "id": "intrusion-set--420ac20b-f2b9-42b8-aa1a-6d4b72895ca4", "created": "2021-04-12T15:56:28.861Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/groups/G0129", "external_id": "G0129" }, { "source_name": "Mustang Panda", "description": "(Citation: Crowdstrike MUSTANG PANDA June 2018)" }, { "source_name": "TA416", "description": "(Citation: Proofpoint TA416 November 2020)" }, { "source_name": "RedDelta", "description": "(Citation: Recorded Future REDDELTA July 2020)(Citation: Proofpoint TA416 Europe March 2022)" }, { "source_name": "BRONZE PRESIDENT", "description": "(Citation: Secureworks BRONZE PRESIDENT December 2019)" }, { "source_name": "Anomali MUSTANG PANDA October 2019", "description": "Anomali Threat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021.", "url": "https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations" }, { "source_name": "Secureworks BRONZE PRESIDENT December 2019", "description": "Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021.", "url": "https://www.secureworks.com/research/bronze-president-targets-ngos" }, { "source_name": "Recorded Future REDDELTA July 2020", "description": "Insikt Group. (2020, July 28). CHINESE STATE-SPONSORED GROUP \u2018REDDELTA\u2019 TARGETS THE VATICAN AND CATHOLIC ORGANIZATIONS. Retrieved April 13, 2021.", "url": "https://go.recordedfuture.com/hubfs/reports/cta-2020-0728.pdf" }, { "source_name": "Crowdstrike MUSTANG PANDA June 2018", "description": "Meyers, A. (2018, June 15). Meet CrowdStrike\u2019s Adversary of the Month for June: MUSTANG PANDA. Retrieved April 12, 2021.", "url": "https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-june-mustang-panda/" }, { "source_name": "Proofpoint TA416 November 2020", "description": "Proofpoint Threat Research Team. (2020, November 23). TA416 Goes to Ground and Returns with a Golang PlugX Malware Loader. Retrieved April 13, 2021.", "url": "https://www.proofpoint.com/us/blog/threat-insight/ta416-goes-ground-and-returns-golang-plugx-malware-loader" }, { "source_name": "Proofpoint TA416 Europe March 2022", "description": "Raggi, M. et al. (2022, March 7). The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates. Retrieved March 16, 2022.", "url": "https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "x_mitre_domains": [ "enterprise-attack" ], "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] }