Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks
Briefly

Mustang Panda, a Chinese state-sponsored hacker group, has developed a method of infiltrating systems that abuses a legitimate Microsoft tool, MAVInject.exe, to inject malware into a running process. The campaign targets users, notably in Thailand, through spear-phishing emails and bundles the malware with legitimate applications to conceal its activity. The attack chain drops both legitimate and malicious files and uses diversion tactics such as a decoy PDF. By executing the malicious code only when specific antivirus processes are detected, the group stays undetected while keeping control of the compromised systems.
The attack drops multiple files, including legitimate executables alongside malicious components, and opens a decoy PDF to distract the victim while the payload runs.
Additionally, Earth Preta (Trend Micro's name for Mustang Panda) uses Setup Factory, an installer builder for Windows software, to drop and execute the payload; this helps the group evade detection and maintain persistence on compromised systems.
Read at The Hacker News