{
	"id": "7322d5f2-a513-4487-b277-14d0bc701566",
	"created_at": "2026-04-06T00:13:16.177861Z",
	"updated_at": "2026-04-10T03:35:59.999368Z",
	"deleted_at": null,
	"sha1_hash": "14a963c09c90c59795ec22f12d6c22ba43fff30b",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 50796,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-02 12:09:39 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool GIMMICK\n Tool: GIMMICK\nNames GIMMICK\nCategory Malware\nType Backdoor, Downloader, Exfiltration\nDescription\n(Volexity) GIMMICK is used in targeted attacks by Storm Cloud, a Chinese espionage threat\nactor known to attack organizations across Asia. It is a feature-rich, multi-platform malware\nfamily that uses public cloud hosting services (such as Google Drive) for command-and-control (C2) channels. The newly identified macOS variant is written primarily in Objective C,\nwith Windows versions written in both .NET and Delphi. Despite core differences in\nprogramming languages used and operating systems targeted, Volexity tracks the malware\nunder the same name due to shared C2 architecture, file paths, and behavioral patterns used by\nall variants.\nInformation\nMalpedia\nLast change to this tool card: 27 August 2024\nDownload this tool card in JSON format\nAll groups using tool GIMMICK\nChanged Name Country Observed\nAPT groups\n Bronze Highland 2012-Jul 2024\n1 group listed (1 APT, 0 other, 0 unknown)\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=9243117d-7400-455a-a9cc-98413c1681d8\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=9243117d-7400-455a-a9cc-98413c1681d8\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=9243117d-7400-455a-a9cc-98413c1681d8\r\nPage 2 of 2\n\nAPT groups Bronze Highland 2012-Jul 2024 \n1 group listed (1 APT, 0 other, 0 unknown) \n   Page 1 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=9243117d-7400-455a-a9cc-98413c1681d8"
	],
	"report_names": [
		"listgroups.cgi?u=9243117d-7400-455a-a9cc-98413c1681d8"
	],
	"threat_actors": [
		{
			"id": "f35997d9-ca1e-453f-b968-0e675cc16d97",
			"created_at": "2023-01-06T13:46:39.490819Z",
			"updated_at": "2026-04-10T02:00:03.345364Z",
			"deleted_at": null,
			"main_name": "Evasive Panda",
			"aliases": [
				"BRONZE HIGHLAND"
			],
			"source_name": "MISPGALAXY:Evasive Panda",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "05cb998c-6e81-47f0-9806-ee4fda72fe0a",
			"created_at": "2024-11-01T02:00:52.763555Z",
			"updated_at": "2026-04-10T02:00:05.263997Z",
			"deleted_at": null,
			"main_name": "Daggerfly",
			"aliases": [
				"Daggerfly",
				"Evasive Panda",
				"BRONZE HIGHLAND"
			],
			"source_name": "MITRE:Daggerfly",
			"tools": [
				"PlugX",
				"MgBot",
				"BITSAdmin",
				"MacMa",
				"Nightdoor"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "33eef76c-a6fa-4855-a77e-9a1e92fe8474",
			"created_at": "2023-11-21T02:00:07.393519Z",
			"updated_at": "2026-04-10T02:00:03.477407Z",
			"deleted_at": null,
			"main_name": "Storm Cloud",
			"aliases": [],
			"source_name": "MISPGALAXY:Storm Cloud",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "812f36f8-e82b-41b6-b9ec-0d23ab0ad6b7",
			"created_at": "2023-01-06T13:46:39.413725Z",
			"updated_at": "2026-04-10T02:00:03.31882Z",
			"deleted_at": null,
			"main_name": "BRONZE HIGHLAND",
			"aliases": [
				"Evasive Panda",
				"Daggerfly"
			],
			"source_name": "MISPGALAXY:BRONZE HIGHLAND",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "19ac84cc-bb2d-4e0c-ace0-5a7659d89ac7",
			"created_at": "2022-10-25T16:07:23.422755Z",
			"updated_at": "2026-04-10T02:00:04.592069Z",
			"deleted_at": null,
			"main_name": "Bronze Highland",
			"aliases": [
				"Daggerfly",
				"Digging Taurus",
				"Evasive Panda",
				"Storm Cloud",
				"StormBamboo",
				"TAG-102",
				"TAG-112"
			],
			"source_name": "ETDA:Bronze Highland",
			"tools": [
				"Agentemis",
				"CDDS",
				"CloudScout",
				"Cobalt Strike",
				"CobaltStrike",
				"DazzleSpy",
				"KsRemote",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"MacMa",
				"Macma",
				"MgBot",
				"Mgmbot",
				"NetMM",
				"Nightdoor",
				"OSX.CDDS",
				"POCOSTICK",
				"RELOADEXT",
				"Suzafk",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "4f7d2815-7504-4818-bf8d-bba18161b111",
			"created_at": "2025-08-07T02:03:24.613342Z",
			"updated_at": "2026-04-10T02:00:03.732192Z",
			"deleted_at": null,
			"main_name": "BRONZE HIGHLAND",
			"aliases": [
				"Daggerfly",
				"Daggerfly ",
				"Evasive Panda ",
				"Evasive Panda ",
				"Storm Bamboo "
			],
			"source_name": "Secureworks:BRONZE HIGHLAND",
			"tools": [
				"Cobalt Strike",
				"KsRemote",
				"Macma",
				"MgBot",
				"Nightdoor",
				"PlugX"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434396,
	"ts_updated_at": 1775792159,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/14a963c09c90c59795ec22f12d6c22ba43fff30b.pdf",
		"text": "https://archive.orkl.eu/14a963c09c90c59795ec22f12d6c22ba43fff30b.txt",
		"img": "https://archive.orkl.eu/14a963c09c90c59795ec22f12d6c22ba43fff30b.jpg"
	}
}