Also, the PlugX that Mustang Panda APT uses has some extra features, including spreading through USB, gathering information, and stealing documents in air-gaped networks via USB. However, the way the PlugX loader launches the payload is different from how it was done for the previous versions.
#Adobe updater trojan update
PlugX executes DLL hijacking with benign applications such as ESET antivirus, Adobe Update etc. The way that the APT actor infects the target, and launches the malicious payload is similar to previous versions-but with some differences. According to Avira’s telemetry data, Mustang Panda mostly targets Asia-Pacific (APAC) countries and uses Cobalt or PlugX as payload.Īvira’s Advanced Threat Research team discovered a new version of PlugX from the Mustang Panda APT that is used to spy on some targets in Hong Kong and Vietnam.
OverviewĪvira’s Advanced Threat Research team, has been tracking Mustang Panda APT for a while. Once the device is infected, an attacker can remotely execute several kinds of commands on the affected system to retrieve machine information, capture the screen, manage services, and manage processes. Since 2008, PlugX as a RAT (Remote Access Trojan) malware family has been used as a backdoor to control the victim’s machine fully.
It utilizes shared malware like Poison Ivy, PlugX and Cobalt Strike payloads in order to gather intelligence.
Mustang Panda is a well-known APT with a long history of targeting non-governmental organisations (NGOs).
0 kommentar(er)
