
Latest Mustang Panda Arsenal: PAKLOG, CorKLOG, and SplatCloak

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

Mustang Panda, a threat actor group, has developed new tools: two keyloggers (PAKLOG and CorKLOG) and an EDR evasion driver (SplatCloak). PAKLOG monitors keystrokes and clipboard data and stores what it captures using a custom encoding scheme. CorKLOG captures keystrokes, encrypts the captured data with RC4, and establishes persistence through Windows services or scheduled tasks. SplatCloak disables the kernel-level notification callbacks registered by Windows Defender and Kaspersky drivers, and is protected with obfuscation techniques such as control flow flattening and mixed boolean arithmetic. Together these tools show Mustang Panda's evolving capabilities in targeted attacks, with a clear focus on evading detection and maintaining operational security.

OPENCTI LABELS:

toneshell,windows,splatcloak,corklog,starproxy,paklog



