Threat actor · G0129
Mustang Panda
Also known as TA416, RedDelta, BRONZE PRESIDENT, STATELY TAURUS, FIREANT, CAMARO DRAGON, EARTH PRETA, HIVE0154, TWILL TYPHOON, TANTALUM, LUMINOUS MOTH, UNC6384, TEMP.Hex, Red Lich, ClumsyToad.
Mustang Panda is a China-based cyber espionage threat actor that has been conducting operations since at least 2012. Mustang Panda has been known to use tailored phishing lures and decoy documents to deliver malicious payloads. Mustang Panda has targeted government, diplomatic, and non-governmental organizations, including think tanks, religious institutions, and research entities, across the United States, Europe, and Asia, with notable activity in Russia, Mongolia, Myanmar, Pakistan, and Vietnam.
ATT&CK techniques
85 mappedT1001.003T1003T1003.001T1003.003T1003.006T1016T1018T1027T1027.007T1027.012T1027.016T1036.005T1036.007T1036.008T1041T1046T1047T1048.003T1049T1052.001T1053.005T1057T1059T1059.001T1059.003T1059.005T1059.007T1069.002T1070T1070.004T1070.006T1071.001T1072T1074.001T1082T1083T1087.002T1091T1095T1102T1105T1106T1119T1129T1140T1176.002T1203T1204.001T1204.002T1205T1218.004T1218.005T1219.001T1219.002T1505.003T1518T1546.003T1547.001T1553.002T1557T1560.001T1560.003T1564.001T1566.001T1566.002T1567.002T1572T1573.001T1574.001T1574.005T1583.001T1583.006T1585.002T1586.002T1587.001T1588.002T1588.003T1588.004T1593T1598.003T1608T1608.001T1622T1654T1678