2022-11-30

Mustang Panda Target Asian Government Entities


Category: Threat Actor Activity | Industry: Government | Level: Tactical | Source: LAC

Security researcher Yoshihiro Ishikawa discovered new activity associated with the threat actor Mustang Panda, which is delivering malicious ZIP files containing a new malware, Claimloader. The campaign has so far targeted the Philippine government and other related entities. However, based on the file name used, "The US-Japan-Philippines Security Triangle: Enhancing Maritime Security, Shared Strategic Outlooks, and Defense Cooperation," the campaign could be repurposed to target Japan as well. Claimloader initiates DLL sideloading when the compressed file is executed. The malware can establish persistence by using a scheduled task and by adding itself to the Run registry key. Claimloader runs shellcode to communicate with the attacker's command and control (C2) server.

Anvilogic Scenario:

  • Malicious File Delivering Malware

Anvilogic Use Cases:

  • Compressed File Execution
  • Create/Modify Schtasks
  • New AutoRun Registry Key
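
The three use cases above are noisy on their own but form a strong signal when they occur on one host in sequence. The following is an added example, not Anvilogic's or LAC's detection content, that correlates them over process and registry events. The event field names, the archive extraction folder patterns, the 10-minute window and the sample events are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumed extraction folders: Explorer (Temp1_*.zip), 7-Zip (7zO*), WinRAR (Rar$*).
ARCHIVE_PATH = re.compile(r"\\Temp\\(Temp1_[^\\]+\.zip|7zO[^\\]+|Rar\$[^\\]+)\\", re.I)
SCHTASKS_CREATE = re.compile(r"\bschtasks(\.exe)?\b.*\s/create\b", re.I)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
ALL_TAGS = {"compressed_file_execution", "schtasks_create", "autorun_registry_key"}

def classify(event):
    """Map one event to the use case it matches, or None."""
    if event["kind"] == "process":
        if ARCHIVE_PATH.search(event["image"]):
            return "compressed_file_execution"
        if SCHTASKS_CREATE.search(event.get("cmd", "")):
            return "schtasks_create"
    elif event["kind"] == "registry_set" and RUN_KEY.search(event["target"]):
        return "autorun_registry_key"
    return None

def correlate(events, window_seconds=600):
    """Return {host: ts} where all three use cases fire within the window after an archive execution."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if (tag := classify(ev)):
            by_host[ev["host"]].append((ev["ts"], tag))
    hits = {}
    for host, tagged in by_host.items():
        for start in (ts for ts, t in tagged if t == "compressed_file_execution"):
            seen = {t for ts, t in tagged if start <= ts <= start + window_seconds}
            if seen == ALL_TAGS:
                hits[host] = start
                break
    return hits

# Constructed sample events (not from the LAC report); ts is in seconds.
SAMPLE = [
    {"host": "ws-01", "ts": 100, "kind": "process",
     "image": r"C:\Users\u1\AppData\Local\Temp\Temp1_brief.zip\brief.exe"},
    {"host": "ws-01", "ts": 130, "kind": "process", "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": r'schtasks.exe /create /tn "Sample" /tr C:\Users\Public\s.exe /sc minute /mo 5'},
    {"host": "ws-01", "ts": 140, "kind": "registry_set",
     "target": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\Sample"},
    {"host": "ws-02", "ts": 200, "kind": "process", "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": "schtasks /create /tn Backup /tr backup.cmd /sc daily"},
    {"host": "ws-03", "ts": 50, "kind": "process",
     "image": r"C:\Users\u3\AppData\Local\Temp\7zO4F2A\viewer.exe"},
    {"host": "ws-03", "ts": 5000, "kind": "registry_set",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Viewer"},
]
```

Calling `correlate(SAMPLE)` flags only `ws-01`: `ws-02` shows a routine scheduled task with no archive execution, and `ws-03` has no scheduled task and writes its Run key outside the window.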
