Daggerfly

OriginChina

Techniques (MITRE ATT&CK)17

SourceMITRE ATT&CK

Also known as:Evasive PandaBRONZE HIGHLAND

Vexday analysis

Daggerfly é um grupo de ameaça persistente avançada (APT) vinculado à República Popular da China, ativo desde pelo menos 2012. O grupo tem como alvos indivíduos, entidades governamentais, ONGs e empresas de telecomunicações na Ásia e na África, sendo associado ao uso exclusivo do malware MgBot e a diversas campanhas de potencial comprometimento de cadeia de suprimentos. Também referenciado como Evasive Panda e BRONZE HIGHLAND, o grupo conta com 17 técnicas documentadas no MITRE ATT&CK (identificador G1034).

Techniques (MITRE ATT&CK) 17

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development

Server Code Signing Certificates

Initial access

Drive-by Compromise Compromise Software Supply Chain

Execution

Scheduled Task PowerShell Malicious Link

Persistence

Local Account

Credential access

Security Account Manager

Discovery

Query Registry System Information Discovery

Command and control

Web Protocols Ingress Tool Transfer

defense-impairment

Code Signing

stealth

Rename Legitimate Utilities Rundll32 DLL

Exploited vulnerabilities

No CVEs attributed to this group in public sources (MITRE ATT&CK). Absence of attribution does not mean absence of activity.

Daggerfly uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →