  • Mustang Panda hackers use a freshly built backdoor for advanced detection evasion

    The Chinese hacker group Mustang Panda, which engages in cyber espionage, has been seen deploying a new custom backdoor called MQsTTang.

    Mustang Panda is a threat group that targets companies in various fields around the world. In its attacks, which are primarily aimed at stealing information, the group uses custom versions of the PlugX malware. The group is also known as TA416 and Bronze President.

    The new MQsTTang backdoor from Mustang Panda does not appear to be based on any well-known malware. This suggests that the hackers most likely developed MQsTTang from scratch to make it harder for antivirus products to detect.

    ESET researchers found MQsTTang during a malicious campaign aimed at government and political organizations in Europe and Asia. The campaign began in January 2023 and continues to this day.

    The malware is distributed through phishing emails, and the payload is downloaded from GitHub repositories created by a user associated with previous Mustang Panda campaigns. The malicious program is the same executable file packed inside various “.rar” archives, whose names follow diplomatic themes.

    ESET characterizes MQsTTang as a “basic” backdoor that allows attackers to remotely execute commands on the victim’s computer. On startup, the malware creates a copy of itself with increased privileges, which performs various tasks such as establishing a connection with the C2 server and setting up persistence on the victim’s system.

    In early February, EclecticIQ specialists revealed a malicious campaign using “.iso” images containing malicious shortcut files.

    An unusual characteristic of the new backdoor is its use of the MQTT protocol to communicate with the C2 server. MQTT makes the malware resilient to the loss of a C2 server, hides the attacker's infrastructure by routing all messages through a broker, and reduces the likelihood of detection by specialists, who usually look for the most frequently used C2 protocols.

    To avoid detection, MQsTTang also checks for debuggers or monitoring tools on the host and, if it finds any, changes its behavior accordingly.

    It is still unknown whether MQsTTang will remain in the group's arsenal for long or whether it was designed specifically for a specific operation.

    Author DeepWeb
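
The article notes that MQTT C2 traffic tends to slip past defenders who only look for the most common C2 protocols. As an added example (not from ESET or the original article), the Python below recognises an MQTT CONNECT packet in the first payload bytes of a TCP flow and reports any source host that is not an expected MQTT client. The allowlist, addresses, and client IDs are constructed for illustration.

```python
import struct
# Assumption: the only host expected to speak MQTT in this sample network.
EXPECTED_MQTT_CLIENTS = {"10.0.5.20"}

def _varint(buf, pos):                         # MQTT variable-length int -> (value, next_pos)
    value = 0
    for shift in (0, 7, 14, 21):
        byte = buf[pos]                        # IndexError if truncated
        value |= (byte & 0x7F) << shift
        pos += 1
        if not byte & 0x80:
            return value, pos
    raise ValueError("varint longer than 4 bytes")

def parse_connect(payload):
    """Return protocol level and client ID if payload opens with MQTT CONNECT."""
    try:
        if payload[:1] != b"\x10":             # packet type CONNECT, flags 0
            return None
        _, pos = _varint(payload, 1)           # skip the remaining-length field
        (name_len,) = struct.unpack_from(">H", payload, pos)
        name = payload[pos + 2:pos + 2 + name_len]
        if name not in (b"MQTT", b"MQIsdp"):   # 3.1.1/5.0 and legacy 3.1
            return None
        level = payload[pos + 2 + name_len]
        pos += 2 + name_len + 4                # level, connect flags, keep-alive
        if level == 5:                         # v5 adds a properties block
            prop_len, pos = _varint(payload, pos)
            pos += prop_len
        (id_len,) = struct.unpack_from(">H", payload, pos)
        client_id = payload[pos + 2:pos + 2 + id_len].decode("utf-8", "replace")
        return {"level": level, "client_id": client_id}
    except (ValueError, IndexError, struct.error):
        return None                            # truncated or malformed

def unexpected_mqtt(flows):
    """flows: (src, dst, dst_port, first_payload) tuples; return flagged ones."""
    parsed = ((f, parse_connect(f[3])) for f in flows)
    return [(f[0], f[1], f[2], info["client_id"]) for f, info in parsed
            if info and f[0] not in EXPECTED_MQTT_CLIENTS]

# Constructed sample flows (documentation addresses, made-up client IDs).
SAMPLE_FLOWS = [
    ("10.0.1.42", "203.0.113.10", 1883, b"\x10\x13\x00\x04MQTT\x04\x02\x00\x3c\x00\x07ws-0142"),
    ("10.0.5.20", "203.0.113.77", 1883, b"\x10\x14\x00\x04MQTT\x04\x02\x00\x3c\x00\x08sensor-7"),
    ("10.0.1.42", "198.51.100.5", 80, b"GET / HTTP/1.1\r\n"),
]
if __name__ == "__main__":
    print(unexpected_mqtt(SAMPLE_FLOWS))
```

The check matches on packet content rather than port, but it only sees plaintext MQTT; a session wrapped in TLS has to be caught by other means, such as baselining which hosts talk to which destinations.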