Daggerfly
G10341 reportsaliases · Daggerfly · Evasive Panda · BRONZE HIGHLAND
1
Reports
5
Techniques
3
Tactics
3
Countries
60%
Hunt coverage
3
Aliases
Analyst assessment — key judgments
- Signature techniques: T1557 (Adversary-in-the-Middle), T1590.005 (IP Addresses), T1059.007 (JavaScript).
- Primary targeting: CN, HK, US.
- Currently dormant: 0 report(s) in last 30d vs 0 prior (+0%).
- Hunt coverage 60% of 5 observed techniques (2 gap(s)).
- Assessment confidence: medium (60).
Activity & trend
DormantLast 30d: 0 vs 0 prior (+0%)· first reported 2024-08-02 · last 2024-08-02
0
7d
0
30d
0
90d
1
All
0.0
Rpts/wk
Reporting timeline · 12 months
Movement — last 30 days
Dropped (90d+)
T1557T1590.005T1059.007T1204.002T1059.002Overview
Analyst triage
Intelligence summary
Daggerfly is a People's Republic of China-linked APT entity active since at least 2012. Daggerfly has targeted individuals, government and NGO entities, and telecommunication companies in Asia and Africa. Daggerfly is associated with exclusive use of MgBot malware and is noted for several potential supply chain infection campaigns.(Citation: Symantec Daggerfly 2023)(Citation: ESET EvasivePanda 2023)(Citation: Symantec Daggerfly 2024)(Citation: ESET EvasivePanda 2024)
Top co-occurring indicators
Aliases & naming
Targeting · countries
Targeting · named victims
ATT&CK technique matrix
Coverage vs hunt library:
—
Hunt-coverage gaps — prioritized
Top techniques by observation
- T1557 · Adversary-in-the-Middleconf 601
- T1590.005 · IP Addressesconf 601
- T1059.007 · JavaScriptconf 601
- T1204.002 · Malicious Fileconf 601
- T1059.002 · AppleScriptconf 601
Threat catalogue · engineering roadmap
Flagged detection-engineering queue
Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.
Infrastructure
IOC type mix
Tooling / malware families
Relationships
Activity
30-day mention timeline
Recent reporting
| Title | Source | Severity | Collected |
|---|