2023-04-26 Evasive Panda APT group delivers malware via updates for popular Chinese software| Threat Intelligence Malaysia

📃Title: Evasive Panda APT group delivers malware via updates for popular Chinese software
📅Date: 2023-04-26
🔗References:

https://www.welivesecurity.com/2023/04/26/evasive-panda-apt-group-malware-updates-popular-chinese-software/

🔖Rectifyq Taxonomies:

relevancy: 🔴 Highly Relevant
category: ⚔Threat
sub-category: campaign-analysis
target: targeted
MY-relevancy: relevant

🔖MISP Galaxies:

producer ESET
threat-actor Evasive-Panda
target-information=“China”
target-information=“Hong Kong”
target-information=“India”
target-information=“Macau”
target-information=“Malaysia”
target-information=“Myanmar”
target-information=“Nigeria”
target-information=“Philippines”
target-information=“Taiwan”
target-information=“Vietnam”
mitre-attack-pattern=[‘T1560.002’, ‘T1123’, ‘T1119’, ‘T1548.002’, ‘T1115’, ‘T1555.003’, ‘T1025’, ‘T1140’, ‘T1041’, ‘T1083’, ‘T1056.001’, ‘T1074.001’, ‘T1114.001’, ‘T1587.001’, ‘T1112’, ‘T1106’, ‘T1095’, ‘T1027’, ‘T1055.002’, ‘T1113’, ‘T1583.004’, ‘T1569.002’, ‘T1539’, ‘T1082’, ‘T1016’, ‘T1059.003’, ‘T1543.003’]

MISP event uuid: 9b6cede7-8d6c-4aca-8e41-356e8b4f16f5

Indicator of Compromise (IoCs)

type,value,comment
url, http://update.browser.qq.com/qmbs/QQ/QQUrlMgr_QQ88_4296.exe, ''
ip-dst, 123.151.72.74, ''
ip-dst, 183.232.96.107, ''
ip-dst, 61.129.7.35, ''
sha1, 65b03630e186d9b6adc663c313b44ca122ca2079, 'MgBot installer No sample in VT\r\nLast check:09/05/2025'
ip-dst, 122.10.88.226, 'MgBot C&C server'
ip-dst, 122.10.90.12, 'MgBot C&C server'

Full IOCs available in Rectifyq's MISP```

Rectifyq

Explorer

2023-04-26 Evasive Panda APT group delivers malware via updates for popular Chinese software

Indicator of Compromise (IoCs)

Graph View