  • Mustang Panda hackers use a freshly built backdoor for advanced detection evasion

    The Chinese hacker group Mustang Panda, which engages in cyber espionage, has been seen deploying a new custom backdoor called MQsTTang.

    Mustang Panda is a group of attackers that targets companies in various sectors around the world. In its attacks, which are aimed primarily at stealing information, the group uses custom versions of the PlugX malware. The group is also known as TA416 and Bronze President.

    The new MQsTTang backdoor from Mustang Panda does not appear to be based on any well-known malware. This suggests that the hackers most likely developed MQsTTang from scratch to make it harder for antivirus products to detect.

    ESET researchers found MQsTTang during a malicious campaign aimed at government and political organizations in Europe and Asia. It began in January 2023 and continues to this day.

    The malware is distributed through phishing emails, and the payload is downloaded from GitHub repositories created by a user associated with previous Mustang Panda campaigns. The malware is the same executable file placed inside various “.rar” archives, whose names follow diplomatic themes.

    ESET characterizes MQsTTang as a “basic” backdoor that allows attackers to remotely execute commands on the victim’s computer. On startup, the malware creates a copy of itself with increased privileges, which performs various tasks such as establishing a connection with the C2 server and setting up persistence on the victim’s system.

    In early February, EclecticIQ specialists revealed a malicious campaign using “.iso” images containing malicious shortcuts.

    An unusual characteristic of the new backdoor is its use of the MQTT protocol to communicate with the C2 server. MQTT makes the malware's C2 channel more resilient, hides the attacker's infrastructure by passing all messages through a broker, and reduces the likelihood of detection by specialists, who usually look for the most frequently used C2 protocols.
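Because MQTT is rarely expected from workstations, defenders can look for it by content rather than by port. The following is an added example, not code from ESET or from the original article: it recognizes an MQTT CONNECT packet in the first bytes a client sends and flags internal hosts outside an allowed IoT range that open MQTT sessions to external brokers. The address ranges, function names and sample flows are constructed assumptions.

```python
import ipaddress
import struct

INTERNAL = ipaddress.ip_network("10.0.0.0/8")        # assumed corporate range
MQTT_ALLOWED = ipaddress.ip_network("10.20.0.0/24")  # assumed IoT VLAN

def parse_mqtt_connect(payload):
    """Return CONNECT header fields if payload begins an MQTT session, else None."""
    if len(payload) < 2 or payload[0] != 0x10:   # packet type 1 (CONNECT), flags 0
        return None
    remaining, shift, pos = 0, 0, 1              # Remaining Length: 7 bits per byte
    while True:
        if pos >= len(payload) or pos > 4:       # at most 4 length bytes
            return None
        byte = payload[pos]
        remaining |= (byte & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
        if not byte & 0x80:
            break
    body = payload[pos:pos + remaining]
    try:
        (name_len,) = struct.unpack_from(">H", body, 0)
        name = body[2:2 + name_len]
        level, flags, keepalive = struct.unpack_from(">BBH", body, 2 + name_len)
    except struct.error:                         # truncated or not MQTT
        return None
    if name not in (b"MQTT", b"MQIsdp"):         # names used by 3.1.1/5.0 and 3.1
        return None
    return {"level": level, "keepalive": keepalive, "has_username": bool(flags & 0x80)}

def suspicious_mqtt(flows):
    """Flag internal hosts outside the IoT VLAN that open MQTT to external brokers."""
    hits = []
    for src, dst, dport, first_payload in flows:
        info = parse_mqtt_connect(first_payload)
        if info is None:
            continue
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in INTERNAL and s not in MQTT_ALLOWED and d not in INTERNAL:
            hits.append((src, dst, dport, info["level"]))
    return hits

# Constructed sample flows: (source, destination, port, first client payload bytes)
CONNECT = b"\x10\x10\x00\x04MQTT\x04\x02\x00\x3c\x00\x04cli1"
SAMPLE_FLOWS = [
    ("10.1.5.23", "203.0.113.7", 1883, CONNECT),               # workstation
    ("10.20.0.8", "203.0.113.9", 1883, CONNECT),               # IoT sensor, allowed
    ("10.1.5.23", "203.0.113.80", 80, b"GET / HTTP/1.1\r\n"),  # not MQTT
]

if __name__ == "__main__":
    print(suspicious_mqtt(SAMPLE_FLOWS))
```

This only works on cleartext payloads; MQTT wrapped in TLS has to be caught by destination and process context instead.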

    To avoid detection, MQsTTang also checks for debuggers or monitoring tools on the host and, if any are found, changes its behavior accordingly.

    It is still unknown whether MQsTTang will remain in the group's arsenal for long or whether it was designed for one specific operation.

    Author DeepWeb