Posts Tagged ‘MustangPanda’


Sample information shared by Johann Aydinbas (@jaydinbas):

Sample hash: 2025427bba36b48e827a61116321bbe6b00d77d3fd35d552f72e052eb88948e0

Download here!


1. Hunting

Recently, in my free time, I have continued hunting for samples related to the PlugX malware of the Mustang Panda group. Among the results returned by VirusTotal, there is a file submitted to VT from LV (Latvia ??) at 2022-12-06 06:39:03 UTC:


I would like to share my talk at the Security Bootcamp 2022 event (SBC2022), held over 03 days, 09-10-11/09/2022, in Quang Ninh province.

2022 is the 10th year that the Security Bootcamp conference has been organized, continuing the mission of building and connecting information security professionals across the country to share the latest knowledge and skills and to form a top-quality and prestigious forum for information security in Vietnam.

CrowdStrike researchers first published information about the Mustang Panda group in June 2018, after about a year of observing the group’s attack activities. Mustang Panda, believed to be a China-based cyber espionage threat actor, is considered one of the highly motivated APT groups, applying sophisticated techniques to infect and install malware, aiming to gain access to the victim’s machine, from which it carries out espionage activities and steals information. Mustang Panda is famous for applying infection techniques based on topics related to political events, including the COVID-19 pandemic, … According to research and synthesis from many security companies across the globe, this APT group has been around for over a decade, with different variations found around the world.

In the second quarter of 2022, while hunting on VirusTotal’s platform and searching for specific byte patterns related to the Mustang Panda (#PlugX) group, I discovered that a series of samples that we suspect belong to this group had been uploaded from Vietnam. In parallel with the campaign that is believed to attack Vietnam, there is a series of other campaigns of this group targeting events related to the European Union, the armed conflict that took place in Ukraine, and events in countries like Montenegro, Bosnia and Herzegovina, …

My talk at this conference will cover the hunting process as well as analyze in depth the techniques that the Mustang Panda group applied to infect the victim’s machine and then use it as a springboard to conduct espionage activities and information theft.

Download my presentation here!

Regards,

m4n0w4r