Threat Actor Profile
Description
Daggerfly is a People's Republic of China-linked APT entity active since at least 2012. Daggerfly has targeted individuals, government and NGO entities, and telecommunication companies in Asia and Africa. Daggerfly is associated with exclusive use of MgBot malware and is noted for several potential supply chain infection campaigns.(Citation: Symantec Daggerfly 2023)(Citation: ESET EvasivePanda 2023)(Citation: Symantec Daggerfly 2024)(Citation: ESET EvasivePanda 2024)
Confidence Score
Known Aliases
Tags
First Seen
Unknown
Last Updated
Unknown
Active Status
Active
Created
April 29, 2026
MITRE ATT&CK Techniques (17)
Indicators of Compromise
STIX Data
{'aliases': ['Daggerfly', 'Evasive Panda', 'BRONZE HIGHLAND'],
'created': '2024-07-25T17:13:06.098Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': '[Daggerfly](https://attack.mitre.org/groups/G1034) is a '
"People's Republic of China-linked APT entity active since at "
'least 2012. '
'[Daggerfly](https://attack.mitre.org/groups/G1034) has '
'targeted individuals, government and NGO entities, and '
'telecommunication companies in Asia and Africa. '
'[Daggerfly](https://attack.mitre.org/groups/G1034) is '
'associated with exclusive use of '
'[MgBot](https://attack.mitre.org/software/S1146) malware and '
'is noted for several potential supply chain infection '
'campaigns.(Citation: Symantec Daggerfly 2023)(Citation: ESET '
'EvasivePanda 2023)(Citation: Symantec Daggerfly '
'2024)(Citation: ESET EvasivePanda 2024)',
'external_references': [{'external_id': 'G1034',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/groups/G1034'},
{'description': '(Citation: Symantec Daggerfly '
'2023)(Citation: ESET EvasivePanda '
'2024)',
'source_name': 'Evasive Panda'},
{'description': '(Citation: Symantec Daggerfly '
'2023)(Citation: ESET EvasivePanda '
'2024)',
'source_name': 'BRONZE HIGHLAND'},
{'description': 'Ahn Ho, Facundo Muñoz, & '
'Marc-Etienne M.Léveillé. (2024, '
'March 7). Evasive Panda leverages '
'Monlam Festival to target Tibetans. '
'Retrieved July 25, 2024.',
'source_name': 'ESET EvasivePanda 2024',
'url': 'https://www.welivesecurity.com/en/eset-research/evasive-panda-leverages-monlam-festival-target-tibetans/'},
{'description': 'Facundo Muñoz. (2023, April 26). '
'Evasive Panda APT group delivers '
'malware via updates for popular '
'Chinese software. Retrieved July 25, '
'2024.',
'source_name': 'ESET EvasivePanda 2023',
'url': 'https://www.welivesecurity.com/2023/04/26/evasive-panda-apt-group-malware-updates-popular-chinese-software/'},
{'description': 'Threat Hunter Team. (2023, April '
'20). Daggerfly: APT Actor Targets '
'Telecoms Company in Africa. '
'Retrieved July 25, 2024.',
'source_name': 'Symantec Daggerfly 2023',
'url': 'https://symantec-enterprise-blogs.security.com/threat-intelligence/apt-attacks-telecoms-africa-mgbot'},
{'description': 'Threat Hunter Team. (2024, July 23). '
'Daggerfly: Espionage Group Makes '
'Major Update to Toolset. Retrieved '
'July 25, 2024.',
'source_name': 'Symantec Daggerfly 2024',
'url': 'https://symantec-enterprise-blogs.security.com/threat-intelligence/daggerfly-espionage-updated-toolset'}],
'id': 'intrusion-set--f3be6240-f68e-47e1-90d2-ad8f3b3bb8a6',
'modified': '2024-10-31T18:33:10.434Z',
'name': 'Daggerfly',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'intrusion-set',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_contributors': ['Furkan Celik, PURE7'],
'x_mitre_deprecated': False,
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_version': '1.0'}