Honeymyte

Threat Actor updated 7 months ago (2024-05-04T19:32:48.976Z)
HoneyMyte, also known as Mustang Panda, is a notable threat actor in the cybersecurity landscape. This group has been linked to various malicious activities, including the use of DLL side-loading and Cobalt Strike loaders, similar to the tactics, techniques, and procedures (TTPs) employed by another threat actor, LuminousMoth.

The two groups share striking similarities, such as the usage of a component akin to LuminousMoth's Chrome cookie stealer, which was previously observed in HoneyMyte activity. Furthermore, a connection was established through an MMTimes look-alike domain, "mmtimes[.]org," used in a 2020 HoneyMyte campaign. Significant overlaps have been discovered between the command-and-control (C2) servers utilized in the LuminousMoth campaigns and those previously attributed to HoneyMyte. These overlaps extend beyond shared resources, with both threat actors demonstrating common TTPs and a focus on similar target profiles.

The concurrent occurrence of their campaigns in Myanmar suggests that LuminousMoth may have borrowed various TTPs from HoneyMyte. Based on these findings, there is medium to high confidence that LuminousMoth's activities are indeed connected to HoneyMyte. Despite attempts to profile LuminousMoth as a separate entity, the shared toolset, campaign scale, targeting, and resource use firmly link it to HoneyMyte. Further analysis indicates that LuminousMoth shows a strong affinity toward HoneyMyte, reinforcing the belief in their interconnected operations.
Description last updated: 2024-05-04T16:40:43.419Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
Alias: Mustang Panda
Description: Mustang Panda is a possible alias for Honeymyte. Mustang Panda, a China-aligned Advanced Persistent Threat (APT) group, has been identified as a significant cyber threat actor involved in a series of malicious activities. Notably, Mustang Panda was found to be associated with the BRONZE PRESIDENT phishing lure, which delivered PlugX and used modif
Votes: 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the Honeymyte Threat Actor was read from the documents corpus below.