📃Title: Evasive Panda APT group delivers malware via updates for popular Chinese software
📅Date: 2023-04-26
🔗References:

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

  • producer= ESET
  • threat-actor= Evasive-Panda
  • target-information="China"
  • target-information="Hong Kong"
  • target-information="India"
  • target-information="Macau"
  • target-information="Malaysia"
  • target-information="Myanmar"
  • target-information="Nigeria"
  • target-information="Philippines"
  • target-information="Taiwan"
  • target-information="Vietnam"
  • mitre-attack-pattern=['T1560.002', 'T1123', 'T1119', 'T1548.002', 'T1115', 'T1555.003', 'T1025', 'T1140', 'T1041', 'T1083', 'T1056.001', 'T1074.001', 'T1114.001', 'T1587.001', 'T1112', 'T1106', 'T1095', 'T1027', 'T1055.002', 'T1113', 'T1583.004', 'T1569.002', 'T1539', 'T1082', 'T1016', 'T1059.003', 'T1543.003']

MISP event uuid: 9b6cede7-8d6c-4aca-8e41-356e8b4f16f5

Indicators of Compromise (IoCs)


Full IOCs available in Rectifyq’s MISP