National Cyber Warfare Foundation (NCWF)

Mustang Panda Uses LNK, PowerShell Chain to Deploy PlugX RAT
0 user ratings		2026-06-02 11:42:14
milo
Red Team (CNA)

Mustang Panda is using a fake “Browser Updater” and a multi‑stage LNK–PowerShell loader to sideload PlugX through a legitimate G DATA antivirus binary, ultimately beaconing over HTTPS to a hard‑coded C2 while hiding configuration and strings behind layered encryption and API hashing. Mustang Panda is a China‑nexus APT group, long associated with PlugX remote access […]


The post Mustang Panda Uses LNK, PowerShell Chain to Deploy PlugX RAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.



Mayura Kathir

Source: gbHackers
Source Link: https://gbhackers.com/mustang-panda-uses-lnk/

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
Red Team (CNA)


Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.