{
	"id": "02e84256-ba2e-4c4c-a28f-dace240b9663",
	"created_at": "2026-04-06T01:30:16.704425Z",
	"updated_at": "2026-04-10T03:33:18.532227Z",
	"deleted_at": null,
	"sha1_hash": "00a06f85adeefd8a4256ae9d08d3dd6336138416",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 53400,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 01:06:46 UTC\nHome \u003e List all groups \u003e Vicious Panda\n APT group: Vicious Panda\nNames\nVicious Panda (Check Point)\nBronze Dudley (SecureWorks)\nCountry China\nMotivation Information theft and espionage\nFirst seen 2015\nDescription\n(Check Point) Check Point Research discovered a new campaign against the\nMongolian public sector, which takes advantage of the current Coronavirus scare, in\norder to deliver a previously unknown malware implant to the target.\nA closer look at this campaign allowed us to tie it to other operations which were\ncarried out by the same anonymous group, dating back to at least 2016. Over the\nyears, these operations targeted different sectors in multiple countries, such as\nUkraine, Russia, and Belarus.\nObserved\nSectors: Government.\nCountries: Belarus, Mongolia, Russia, Ukraine.\nTools used 8.t Dropper, BBSRAT, Byeby, Cmstar, Enfal, Pylot.\nOperations performed\nAug 2015\nDigital Quartermaster Scenario Demonstrated in Attacks Against the\nMongolian Government\nJun 2017\nThreat Actors Target Government of Belarus Using CMSTAR Trojan\nMar 2020 Vicious Panda: The COVID Campaign\nCheck Point Research discovered a new campaign against the\nMongolian public sector, which takes advantage of the current\nCoronavirus scare, in order to deliver a previously unknown malware\nimplant to the target.\nInformation Last change to this card: 07 January 2021\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=61552e4f-08e1-402c-a482-2d278b33806d\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=61552e4f-08e1-402c-a482-2d278b33806d\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=61552e4f-08e1-402c-a482-2d278b33806d"
	],
	"report_names": [
		"showcard.cgi?u=61552e4f-08e1-402c-a482-2d278b33806d"
	],
	"threat_actors": [
		{
			"id": "f5c5d5d4-3969-4e34-9982-55144c3908eb",
			"created_at": "2022-10-25T16:07:24.37846Z",
			"updated_at": "2026-04-10T02:00:04.965506Z",
			"deleted_at": null,
			"main_name": "Vicious Panda",
			"aliases": [
				"Bronze Dudley"
			],
			"source_name": "ETDA:Vicious Panda",
			"tools": [
				"8.t Dropper",
				"8.t RTF exploit builder",
				"8t_dropper",
				"BBSRAT",
				"Byeby",
				"Cmstar",
				"Enfal",
				"Lurid",
				"Pylot",
				"RoyalRoad",
				"Travle",
				"meciv"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "6e79c98d-c678-4f28-b869-5723a78e71f4",
			"created_at": "2023-01-06T13:46:39.422441Z",
			"updated_at": "2026-04-10T02:00:03.322083Z",
			"deleted_at": null,
			"main_name": "Vicious Panda",
			"aliases": [
				"SixLittleMonkeys"
			],
			"source_name": "MISPGALAXY:Vicious Panda",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "20b5fa2f-2ef1-4e69-8275-25927a762f72",
			"created_at": "2025-08-07T02:03:24.573647Z",
			"updated_at": "2026-04-10T02:00:03.765721Z",
			"deleted_at": null,
			"main_name": "BRONZE DUDLEY",
			"aliases": [
				"TA428 ",
				"Temp.Hex ",
				"Vicious Panda "
			],
			"source_name": "Secureworks:BRONZE DUDLEY",
			"tools": [
				"NCCTrojan",
				"PhantomNet",
				"PoisonIvy",
				"Royal Road"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "a4aca3ca-9e04-42d1-b037-f7fb3fbab0b1",
			"created_at": "2023-01-06T13:46:39.042499Z",
			"updated_at": "2026-04-10T02:00:03.194713Z",
			"deleted_at": null,
			"main_name": "TA428",
			"aliases": [
				"BRONZE DUDLEY",
				"Colourful Panda"
			],
			"source_name": "MISPGALAXY:TA428",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775439016,
	"ts_updated_at": 1775791998,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/00a06f85adeefd8a4256ae9d08d3dd6336138416.pdf",
		"text": "https://archive.orkl.eu/00a06f85adeefd8a4256ae9d08d3dd6336138416.txt",
		"img": "https://archive.orkl.eu/00a06f85adeefd8a4256ae9d08d3dd6336138416.jpg"
	}
}