Published On Apr 19, 2024
Talk Title: Trashing the Pandas: Analyzing Current Infrastructure Trends and T9000v2 - A Mustang Panda Case Study
Speaker: floofpwn
Description:
"This talk will cover my process for gaining further intelligence from CTI writeups by using OSINT resources, such as Censys and GreyNoise, to identify clusters of activity and potential threat-actor-related open directories.
We will specifically cover the campaigns of Mustang Panda/TA416/Stately Taurus reported by Curated Intel’s CSIRT-CTI in late January/early February of 2024, as well as broader infrastructure trends since then. This will transition into the discovery of several related open directories hosting T9000v2, its APK-based spyware, the plugins within, and some easter eggs.
To finish things off, we’ll be handing out some IoCs and spelling advice!"
Learn more about GreyNoise's community here: https://greynoise.io/community
Check out GreyNoise's Podcast, StormWatch:
https://www.greynoise.io/stormwatch