ioc[.]one - OSINT Cyber Threat Intelligence Database

Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware

Tags

cmtmf-attack-pattern:	Boot Or Logon Autostart Execution Masquerading
country:	Russia Ukraine
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Boot Or Logon Autostart Execution - T1547 Dll Search Order Hijacking - T1574.001 Domains - T1583.001 Domains - T1584.001 Double File Extension - T1036.007 Encrypted Channel - T1521 Encrypted Channel - T1573 Hijack Execution Flow - T1625 Hijack Execution Flow - T1574 Ip Addresses - T1590.005 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Phishing - T1660 Phishing - T1566 Python - T1059.006 Registry Run Keys / Startup Folder - T1547.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Standard Encoding - T1132.001 Symmetric Cryptography - T1521.001 Symmetric Cryptography - T1573.001 Connection Proxy - T1090 Data Encoding - T1132 Deobfuscate/Decode Files Or Information - T1140 Dll Search Order Hijacking - T1038 Masquerading - T1036 Registry Run Keys / Start Folder - T1060 User Execution - T1204 Masquerading User Execution

Show in Graph

Common Information

Type	Value
UUID	988ce927-8c1a-437c-9045-5c7f3a109b80
Fingerprint	c5358f4ae97b8ecb
Analysis status	DONE
Considered CTI value	2
Text language
Published	Feb. 23, 2023, midnight
Added to db	June 1, 2023, 11:02 a.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware
Title	Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware
Detected Hints/Tags/Attributes	99/4/27

Source URLs

	Redirection	Url
Details	Source	https://blog.eclecticiq.com/mustang-panda-apt-group-uses-european-commission-themed-lure-to-deliver-plugx-malware

URL Provider

Details	Provider	Source level domain
Details	eclecticiq.com	blog.eclecticiq.com

Attributes

Details	Type	#Events	Value
Details	Domain	49	eclecticiq.com
Details	Domain	1373	twitter.com
Details	Email	47	research@eclecticiq.com
Details	File	1	de.doc
Details	File	409	c:\windows\system32\cmd.exe
Details	File	14	lmiguardiansvc.exe
Details	File	6	lmiguardiandll.dll
Details	File	2	de.docx
Details	File	4	lmiguardiandat.dat
Details	File	1	de.iso
Details	sha256	2	ee2c8909089f53aafc421d9853c01856b0a9015eba12aa0382e98417d28aef3f
Details	sha256	2	8c4926dd32204b6a666b274a78ccfb16fe84bbd7d6bc218a5310970c4c5d9450
Details	sha256	1	723d804cfc334cad788f86c39c7fb58b42f452a72191f7f39400cf05d980b4f3
Details	sha256	1	2c0273394cda1b07680913edd70d3438a098bb4468f16eebf2f50d060cdf4e96
Details	sha256	3	26c855264896db95ed46e502f2d318e5f2ad25b59bdc47bd7ffe92646102ae0d
Details	IPv4	2	217.12.206.116
Details	IPv4	5	45.134.83.29
Details	MITRE ATT&CK Techniques	420	T1204
Details	MITRE ATT&CK Techniques	70	T1574.001
Details	MITRE ATT&CK Techniques	504	T1140
Details	MITRE ATT&CK Techniques	19	T1036.007
Details	MITRE ATT&CK Techniques	130	T1573.001
Details	MITRE ATT&CK Techniques	99	T1132.001
Details	MITRE ATT&CK Techniques	380	T1547.001
Details	Url	2	https://blogs.blackberry.com/en/2022/12/mustang-panda-uses-the-russian-ukrainian-war-to-attack-europe-and-asia-pacific-targets
Details	Url	1	https://www.recordedfuture.com/reddelta-targets-european-government-organizations-continues-iterate-custom-plugx-variant
Details	Url	1	https://twitter.com/esetresearch/status/1400165767488970764