A cyber espionage group known as Mustang Panda has released a new custom backdoor malware that uses the MQTT protocol for its communication. The new malware, dubbed MQsTTang, is part of an ongoing campaign that has been attributed to the Mustang Panda group based on the following indicators. An MQsTTang sample was found in GitHub repositories belonging to ‘YanNaingOo0072022’, who was seen active in a previous Mustang Panda campaign in December 2022. Researchers also found an FTP server used by MQsTTang with a directory that contains multiple Korplug loaders and tools used in previous Mustang Panda campaigns.

The campaign was seen targeting unknown entities in Bulgaria, Australia and Taiwan. Also, due to the filenames of the decoys used by the campaign, it is believed that political and governmental organizations in Europe and Asia are also being targeted.

The malware is a backdoor that allows attackers to execute commands on a victim’s device. It does not use any kind of obfuscation technique and only has a single infection stage. The initial stage starts with the distribution of the malware through spearphishing emails containing RAR archives with only a single executable file. The executables are given diplomacy-related names, such as embassy notes, scans of passports of members, etc.
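Because the backdoor's distinguishing trait is that it talks to its operators over MQTT, one practical detection angle is to look for MQTT CONNECT handshakes coming from hosts that have no legitimate reason to speak MQTT (user workstations, for example), regardless of the TCP port used. The following is an added example, not code from the original post or from the researchers who analysed MQsTTang: it parses the MQTT 3.1/3.1.1/5.0 CONNECT packet format from the first bytes of a TCP payload and flags sessions from hosts outside an allow-list. The sample flows, IP addresses, allow-list and function names are constructed for the example.

```python
# Added example (not from the original post): recognise MQTT CONNECT packets in
# raw TCP payload bytes and flag them when the client host is not expected to
# use MQTT. Sample payloads and flow tuples below are constructed for the demo.

from dataclasses import dataclass
from typing import Optional

CONNECT_TYPE = 0x1                            # high nibble of the first byte
KNOWN_PROTOCOL_NAMES = {b"MQTT", b"MQIsdp"}   # MQTT 3.1.1 / 5.0 and legacy 3.1


@dataclass
class MqttConnect:
    protocol_name: str
    protocol_level: int
    keepalive: int
    client_id: str


def _decode_remaining_length(data: bytes, pos: int):
    """MQTT variable-length integer: 7 bits per byte, high bit = continuation."""
    value, multiplier = 0, 1
    for i in range(4):                        # at most 4 bytes per the spec
        if pos + i >= len(data):
            return None
        b = data[pos + i]
        value += (b & 0x7F) * multiplier
        if not b & 0x80:
            return value, pos + i + 1
        multiplier *= 128
    return None                               # 5+ bytes is malformed


def _read_utf8_string(data: bytes, pos: int):
    """Length-prefixed (2-byte big-endian) string used throughout MQTT."""
    if pos + 2 > len(data):
        return None
    n = int.from_bytes(data[pos:pos + 2], "big")
    if pos + 2 + n > len(data):
        return None
    return data[pos + 2:pos + 2 + n], pos + 2 + n


def parse_mqtt_connect(payload: bytes) -> Optional[MqttConnect]:
    """Return CONNECT details if payload starts with a well-formed MQTT CONNECT, else None."""
    # Fixed header: type 1 in the high nibble, reserved low nibble must be 0
    # (this also rejects a TLS ClientHello, whose first byte 0x16 has a 1 high nibble).
    if len(payload) < 2 or (payload[0] >> 4) != CONNECT_TYPE or (payload[0] & 0x0F) != 0:
        return None
    rl = _decode_remaining_length(payload, 1)
    if rl is None:
        return None
    remaining, pos = rl
    if pos + remaining > len(payload):
        return None                           # truncated packet
    end = pos + remaining
    name = _read_utf8_string(payload, pos)
    if name is None or name[0] not in KNOWN_PROTOCOL_NAMES:
        return None
    proto_name, pos = name
    if pos + 4 > end:                         # level, connect flags, 2-byte keepalive
        return None
    level = payload[pos]
    keepalive = int.from_bytes(payload[pos + 2:pos + 4], "big")
    pos += 4
    if level == 5:
        # MQTT 5.0 inserts a properties block (varint length + bytes) before the payload.
        props = _decode_remaining_length(payload, pos)
        if props is None:
            return None
        plen, pos = props
        pos += plen
    cid = _read_utf8_string(payload, pos)     # client identifier opens the payload
    if cid is None:
        return None
    client_id, _ = cid
    return MqttConnect(proto_name.decode(), level, keepalive,
                       client_id.decode("utf-8", "replace"))


def flag_unexpected_mqtt(flows, allowed_hosts):
    """flows: iterable of (src_ip, dst_ip, dst_port, first_payload_bytes).
    Returns flows where an MQTT CONNECT is seen from a host not on the allow-list."""
    hits = []
    for src, dst, dport, payload in flows:
        conn = parse_mqtt_connect(payload)
        if conn is not None and src not in allowed_hosts:
            hits.append((src, dst, dport, conn))
    return hits


# Constructed MQTT 3.1.1 CONNECT: clean session, keepalive 60 s, client id "host01".
SAMPLE_CONNECT = bytes.fromhex("10120004" "4d515454" "0402003c" "0006686f73743031")

SAMPLE_FLOWS = [                              # constructed sample data
    ("10.0.0.5", "203.0.113.10", 1883, SAMPLE_CONNECT),            # workstation -> external broker
    ("10.0.0.9", "203.0.113.10", 443, b"\x16\x03\x01\x00\xa5\x01"),  # TLS ClientHello, not MQTT
    ("10.0.1.20", "10.0.1.2", 1883, SAMPLE_CONNECT),               # approved IoT gateway
]
ALLOWED_MQTT_CLIENTS = {"10.0.1.20"}          # hypothetical allow-list

if __name__ == "__main__":
    for src, dst, dport, conn in flag_unexpected_mqtt(SAMPLE_FLOWS, ALLOWED_MQTT_CLIENTS):
        print(f"MQTT CONNECT from unexpected host {src} -> {dst}:{dport} "
              f"({conn.protocol_name} v{conn.protocol_level}, client_id={conn.client_id!r})")
```

The parser keys on packet structure rather than on the default broker port, since nothing forces a backdoor to use 1883 or 8883; in practice it would be fed the first payload of each new TCP flow from a sensor, and the allow-list would hold the hosts (IoT gateways, monitoring systems) that are known to use MQTT.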