Description
[Daggerfly](https://attack.mitre.org/groups/G1034) is a People's Republic of China-linked APT entity active since at least 2012. [Daggerfly](https://attack.mitre.org/groups/G1034) has targeted individuals, government and NGO entities, and telecommunication companies in Asia and Africa. [Daggerfly](https://attack.mitre.org/groups/G1034) is associated with exclusive use of [MgBot](https://attack.mitre.org/software/S1146) malware and is noted for several potential supply chain infection campaigns.(Citation: Symantec Daggerfly 2023)(Citation: ESET EvasivePanda 2023)(Citation: Symantec Daggerfly 2024)(Citation: ESET EvasivePanda 2024)
Techniques Used (TTPs)
- T1003.002 — Security Account Manager (credential-access)
- T1587.002 — Code Signing Certificates (resource-development)
- T1053.005 — Scheduled Task (execution, persistence, privilege-escalation)
- T1071.001 — Web Protocols (command-and-control)
- T1059.001 — PowerShell (execution)
- T1036.003 — Rename Legitimate Utilities (defense-evasion)
- T1204.001 — Malicious Link (execution)
- T1105 — Ingress Tool Transfer (command-and-control)
- T1082 — System Information Discovery (discovery)
- T1195.002 — Compromise Software Supply Chain (initial-access)
- T1574.001 — DLL (persistence, privilege-escalation, defense-evasion)
- T1218.011 — Rundll32 (defense-evasion)
- T1584.004 — Server (resource-development)
- T1136.001 — Local Account (persistence)
- T1553.002 — Code Signing (defense-evasion)
- T1012 — Query Registry (discovery)
- T1189 — Drive-by Compromise (initial-access)
Total TTPs: 17