Honeymyte

Threat Actor updated 15 days ago (2024-11-29T14:28:03.163Z)
Download STIX
Preview STIX
HoneyMyte, also known as Mustang Panda, is a notable threat actor in the cybersecurity landscape. This group has been linked to various malicious activities, including the use of DLL side-loading and Cobalt Strike loaders, similar to the tactics, techniques, and procedures (TTPs) employed by another threat actor, LuminousMoth. The two groups share striking similarities, such as the usage of a component akin to LuminousMoth's Chrome cookie stealer, which was previously observed in HoneyMyte activity. Furthermore, a connection was established through an MMTimes look-alike domain, "mmtimes[.]org," used in a 2020 HoneyMyte campaign. Significant overlaps have been discovered between the command-and-control (C2) servers utilized in the LuminousMoth campaigns and those previously attributed to HoneyMyte. These overlaps extend beyond shared resources, with both threat actors demonstrating common TTPs and a focus on similar target profiles. The concurrent occurrence of their campaigns in Myanmar suggests that LuminousMoth may have borrowed various TTPs from HoneyMyte. Based on these findings, there is medium to high confidence that LuminousMoth's activities are indeed connected to HoneyMyte. Despite attempts to profile LuminousMoth as a separate entity, the shared toolset, campaign scale, targeting, and resource use firmly link it to HoneyMyte. Further analysis indicates that LuminousMoth shows a strong affinity toward HoneyMyte, reinforcing the belief in their interconnected operations.
Description last updated: 2024-05-04T16:40:43.419Z
What's your take? (Question 1 of 0)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Mustang Panda is a possible alias for Honeymyte. Mustang Panda, a China-aligned Advanced Persistent Threat (APT) group, has been identified as a significant cyber threat actor involved in a series of malicious activities. Notably, Mustang Panda was found to be associated with the BRONZE PRESIDENT phishing lure, which delivered PlugX and used modif
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Honeymyte Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more