Mustang Panda uses interesting bait in its new malware campaign


In 2019, the Chinese hacker group Mustang Panda targeted government and public organizations in Asia and Europe. The attackers carried out long-term cyberespionage campaigns aligned with the strategic interests of the Chinese government.

Until November 2022, the group used malicious archive files in its attacks, but it has since switched methods. According to a report from EclecticIQ, Mustang Panda is now actively using ".iso" optical disc images containing malicious ".lnk" shortcut files. The shortcuts are disguised as Microsoft Office Word documents, so a victim cannot always tell at a glance that something is wrong.

Social engineering plays its part. The file that the Mustang Panda hackers are spreading is called "Letter to the European Commission on limiting prices for Russian oil." The shortcut's launch parameters contain the command: "C:\Windows\System32\cmd.exe /q /c "System Volume Information\\test2022.ucp"".

"test2022.ucp" in this command is a renamed copy of legitimate software originally called "LMIGuardianSvc.exe", part of LogMeIn Hamachi, a program once popular in the CIS for creating virtual local networks between computers. The attackers use the executable "LMIGuardianSvc.exe" for DLL side-loading: it loads an encrypted PlugX loader named "LMIGuardianDll.dll" onto the computer, which is then decrypted into the LMIGuardianDat.dat malware, ready for use.

Once the malware has successfully executed, PlugX connects to a remote C2 server, which is used to send commands to compromised systems and to receive exfiltrated data from the target network. The attackers can thus remotely execute various commands on the infected system.
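As an added example (not code from the article or from the EclecticIQ report), the following Python detection logic checks process-creation events for the execution chain described above: cmd.exe launched with "/q /c" against a file under "System Volume Information", a file with a non-executable extension handed to cmd.exe to run, and a PE whose embedded original file name (here LMIGuardianSvc.exe) does not match the name it runs under. The field names follow Sysmon Event ID 1 conventions (Image, CommandLine, ParentImage, OriginalFileName); the sample events are constructed for this example and the rule names are my own.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """Subset of Sysmon Event ID 1 (process creation) fields (assumed layout)."""
    image: str               # full path of the started process
    command_line: str
    parent_image: str
    original_file_name: str  # name stored in the PE version resource


# File extensions that cmd.exe should not normally be told to execute.
NON_EXEC_EXT = re.compile(r"\.(ucp|dat|tmp|txt|docx?)\b", re.I)


def indicators(ev: ProcessEvent) -> list[str]:
    """Return the names of the rules the event matches; an empty list means no hit."""
    hits: list[str] = []
    cl = ev.command_line
    basename = ev.image.rsplit("\\", 1)[-1]

    if basename.lower() == "cmd.exe" and re.search(r"/q\s+/c", cl, re.I):
        # Everything after "/c " is what cmd.exe was asked to run.
        parts = re.split(r"/c\s+", cl, maxsplit=1, flags=re.I)
        target = parts[1] if len(parts) > 1 else ""
        if "system volume information" in target.lower():
            hits.append("cmd_quiet_exec_from_svi")
        if NON_EXEC_EXT.search(target):
            hits.append("cmd_exec_non_exe_extension")

    # A PE running under a name different from its embedded OriginalFileName
    # is the renaming step of the side-loading chain described in the article.
    orig = ev.original_file_name.lower()
    if orig and orig != basename.lower():
        hits.append("renamed_pe")
        if orig == "lmiguardiansvc.exe":
            hits.append("renamed_hamachi_guardian")
    return hits


def scan(events: list[ProcessEvent]) -> list[tuple[int, list[str]]]:
    """Run every rule over a batch of events and keep only the events with hits."""
    return [(i, h) for i, ev in enumerate(events) if (h := indicators(ev))]


# Constructed sample events: the first two model the chain from the article,
# the third is a benign cmd.exe invocation that must not alert.
SAMPLE_EVENTS = [
    ProcessEvent(
        image=r"C:\Windows\System32\cmd.exe",
        command_line=r'"C:\Windows\System32\cmd.exe" /q /c "System Volume Information\\test2022.ucp"',
        parent_image=r"C:\Windows\explorer.exe",
        original_file_name="Cmd.Exe",
    ),
    ProcessEvent(
        image=r"E:\System Volume Information\test2022.ucp",
        command_line=r'"System Volume Information\\test2022.ucp"',
        parent_image=r"C:\Windows\System32\cmd.exe",
        original_file_name="LMIGuardianSvc.exe",
    ),
    ProcessEvent(
        image=r"C:\Windows\System32\cmd.exe",
        command_line=r'"C:\Windows\System32\cmd.exe" /c dir C:\Users',
        parent_image=r"C:\Windows\explorer.exe",
        original_file_name="Cmd.Exe",
    ),
]


if __name__ == "__main__":
    for index, rule_hits in scan(SAMPLE_EVENTS):
        print(f"event {index}: {', '.join(rule_hits)}")
```

The OriginalFileName comparison is the most durable of the three checks: the attacker can pick any drop path and extension, but the version resource of the abused signed binary stays what the vendor shipped, so a mismatch between it and the on-disk name is a cheap, high-signal rule for renamed side-loading hosts in general.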

The overall attack chain therefore looks like this:


Analysts at EclecticIQ believe that the target of this particular decoy document was a European organization. The Mustang Panda group has previously attacked European organizations in much the same way, and it remains an active threat across Europe and Asia. According to EclecticIQ, Mustang Panda will further increase its activity and continue to use similar attack methods in response to geopolitical events around the world.

Author DeepWeb