Potential APT Mustang Panda Activity Against Australian Gov
Detects the specific command lines that Lab52 reported from a Mustang Panda campaign targeting the Australian government: copying SolidPDFCreator.dll into C:\Users\Public\Libraries\PhotoTvRHD\ and registering it for persistence through a reg.exe write to the Run key.
Sigma rule

```yaml
title: Potential APT Mustang Panda Activity Against Australian Gov
id: 7806bb49-f653-48d3-a915-5115c1a85234
status: test
description: Detects specific command line execution used by Mustang Panda in a targeted attack against the Australian government as reported by Lab52
references:
    - https://lab52.io/blog/new-mustang-pandas-campaing-against-australia/
author: Nasreddine Bencherchali (Nextron Systems)
date: 2023-05-15
tags:
    - attack.execution
    - attack.g0129
    - detection.emerging-threats
logsource:
    category: process_creation
    product: windows
detection:
    selection_1:
        CommandLine|contains|all:
            - 'copy SolidPDFCreator.dll'
            - 'C:\Users\Public\Libraries\PhotoTvRHD\SolidPDFCreator.dll'
    selection_2:
        CommandLine|contains|all:
            - 'reg '
            - '\Windows\CurrentVersion\Run'
            - 'SolidPDF'
            - 'C:\Users\Public\Libraries\PhotoTvRHD\'
    condition: 1 of selection_*
falsepositives:
    - Unlikely
level: high
```
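To see what the two selections actually match, here is an added Python evaluator (example code written for this page, not SigmaHQ's rule code or any Sigma backend) that applies the rule's `contains|all` semantics to a handful of constructed process-creation events. The sample command lines are illustrative and are not taken from the Lab52 report; the selection values are transcribed from the rule above.

```python
"""Run this page's Sigma selections over constructed process-creation events.

Added example for this page (not SigmaHQ code or a Sigma backend). String
matching follows Sigma's defaults: `contains` is a case-insensitive substring
test and `all` requires every listed value to match. Backslashes in the rule
values are literal, so they are carried here as raw or escaped strings.
"""
from __future__ import annotations

# The two selections, transcribed from the rule above.
SELECTIONS: dict[str, dict[str, list[str]]] = {
    "selection_1": {
        "CommandLine|contains|all": [
            "copy SolidPDFCreator.dll",
            r"C:\Users\Public\Libraries\PhotoTvRHD\SolidPDFCreator.dll",
        ]
    },
    "selection_2": {
        "CommandLine|contains|all": [
            "reg ",
            r"\Windows\CurrentVersion\Run",
            "SolidPDF",
            # a Python raw string cannot end in a backslash, hence the escaped form
            "C:\\Users\\Public\\Libraries\\PhotoTvRHD\\",
        ]
    },
}


def contains_all(value: str, needles: list[str]) -> bool:
    """Sigma `contains|all`: every needle is a case-insensitive substring."""
    hay = value.lower()
    return all(n.lower() in hay for n in needles)


def matched_selections(event: dict[str, str]) -> list[str]:
    """Return the names of the selections this event satisfies."""
    hits: list[str] = []
    for name, fields in SELECTIONS.items():
        for spec, needles in fields.items():
            field, *modifiers = spec.split("|")
            if modifiers != ["contains", "all"]:
                raise ValueError(f"unsupported modifier chain in {spec}")
            if not contains_all(event.get(field, ""), needles):
                break
        else:  # every field test passed
            hits.append(name)
    return hits


def rule_fires(event: dict[str, str]) -> bool:
    """condition: 1 of selection_*"""
    return bool(matched_selections(event))


# Constructed sample events (not taken from the Lab52 report).
SAMPLE_EVENTS: list[dict[str, str]] = [
    {   # staging the DLL into the public Libraries folder -> selection_1
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r"cmd.exe /c copy SolidPDFCreator.dll C:\Users\Public\Libraries\PhotoTvRHD\SolidPDFCreator.dll",
    },
    {   # Run-key persistence pointing into the same folder -> selection_2
        "Image": r"C:\Windows\System32\reg.exe",
        "CommandLine": r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v SolidPDF /t REG_SZ /d "C:\Users\Public\Libraries\PhotoTvRHD\SolidPDFCreator.exe" /f',
    },
    {   # case differs from the rule text; Sigma matching is case-insensitive -> selection_1
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r"CMD.EXE /C COPY solidpdfcreator.dll c:\users\public\libraries\phototvrhd\solidpdfcreator.dll",
    },
    {   # benign Run-key write: no SolidPDF and no PhotoTvRHD -> no match
        "Image": r"C:\Windows\System32\reg.exe",
        "CommandLine": r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OneDrive /d "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe"',
    },
    {   # same staging step with the DLL name quoted: 'copy SolidPDFCreator.dll' is no longer a substring -> no match
        "Image": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r'cmd.exe /c copy "SolidPDFCreator.dll" C:\Users\Public\Libraries\PhotoTvRHD\SolidPDFCreator.dll',
    },
]


def evaluate(events: list[dict[str, str]] = SAMPLE_EVENTS) -> list[tuple[str, list[str]]]:
    """Pair each event's command line with the selections it matched."""
    return [(e["CommandLine"], matched_selections(e)) for e in events]


if __name__ == "__main__":
    for cmdline, hits in evaluate():
        print("FIRE" if hits else "    ", hits or "-", cmdline)
```

The last sample is the caveat to keep in mind: both selections are literal campaign indicators, so a quoted filename, an extra space, or a different staging directory defeats them even though the behaviour is unchanged. Treat this rule as a high-confidence IOC check for the reported campaign and rely on broader Run-key and Public-folder execution rules for the general behaviour.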
References
- https://lab52.io/blog/new-mustang-pandas-campaing-against-australia/
Related rules
- APT29 2018 Phishing Campaign CommandLine Indicators
- Adwind RAT / JRAT
- Blue Mockingbird
- CVE-2021-1675 Print Spooler Exploitation
- CVE-2021-1675 Print Spooler Exploitation IPC Access