SABRE PANDA
Sabre Panda is a threat actor referenced in the provided content in connection with the 9002 RAT malware family. A cited mention states that MoonTag samples matched a YARA rule named MAL_APT_9002_SabrePanda, which detects samples from the 9002 RAT family used by Sabre Panda. However, the same source explicitly says there were not strong links to attribute MoonTag to Sabre Panda. Based on the provided content, the only high-confidence association is Sabre Panda’s use of the 9002 RAT malware family. No additional high-confidence details on targeting, geography, tactics, or sub-groups are directly provided in the content. Known alias in the content: sabre_panda.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Associated malware families
1 malware family attributed to this actor across reporting.
Recent activity
1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.