4/3/2023

Eset 14 key

ESET researchers tease apart MQsTTang, a new backdoor used by Mustang Panda, which communicates via the MQTT protocol

ESET researchers have analyzed MQsTTang, a new custom backdoor that we attribute to the Mustang Panda APT group. This backdoor is part of an ongoing campaign that we can trace back to early January 2023. Unlike most of the group’s malware, MQsTTang doesn’t seem to be based on existing families or publicly available projects.

Mustang Panda is known for its customized Korplug variants (also dubbed PlugX) and elaborate loading chains. In a departure from the group’s usual tactics, MQsTTang has only a single stage and doesn’t use any obfuscation techniques.

We have seen unknown entities in Bulgaria and Australia in our telemetry. We also have information indicating that this campaign is targeting a governmental institution in Taiwan. However, due to the nature of the decoy filenames used, we believe that political and governmental organizations in Europe and Asia are also being targeted. This would also be in line with the targeting of the group’s other recent campaigns.