Mgbot

Malware Profile Updated 24 days ago
MgBot is a sophisticated malware family used exclusively by the threat actor group known as Evasive Panda. It reaches systems through suspicious downloads, emails, or websites and is designed to exploit and damage them without the user's knowledge. Once inside, MgBot collects information about running processes, injects its loader components into svchost.exe, and then loads either itself or a second backdoor called Nightdoor. Both malware families can uninstall themselves and delete files from the infected system.

Evasive Panda delivers MgBot and Nightdoor through malicious downloaders for Windows and macOS, combining watering hole and supply chain tactics. The group acquired servers for the command-and-control (C&C) infrastructure of Nightdoor, MgBot, and the macOS downloader component so that visitors to compromised websites could be infected. It fielded several downloaders, droppers, and backdoors, targeting networks primarily in East Asia; visitors from specific geographic regions to the compromised sites received droppers and backdoors that included Nightdoor and MgBot. Across these campaigns the group has mixed known and previously undocumented tools, among them the custom Windows backdoor Nightdoor.

MgBot is built on a custom malware framework with a modular architecture: the backdoor can receive additional modules that extend its espionage capabilities on a victim. Researchers at ESET reported that this framework lets the group significantly increase the malware's functionality. More details about Evasive Panda's techniques can be found in cybersecurity resources such as ESET Research and Infosecurity Magazine.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Backdoor
Windows
APT
Evasive
Downloader
Chinese
ESET
Associated Malware
Nightdoor (type: Unspecified; 3 votes)
Nightdoor is a complex and malicious software (malware) that was introduced in 2020 by the Evasive Panda Advanced Persistent Threat (APT) group, which is linked to China. This malware communicates with a command-and-control server to issue commands, upload data, and create a reverse shell, effective
Associated Threat Actors
Evasive Panda (type: Unspecified; 4 votes)
Evasive Panda, also known as BRONZE HIGHLAND and Daggerfly, is a threat actor group believed to be aligned with China. This group has been involved in a series of cyberespionage campaigns targeting Tibetans globally, starting from September 2023 or earlier. The group's operations have impacted syste

Daggerfly (type: Unspecified; 2 votes)
DaggerFly, also known as Evasive Panda and Bronze Highland, is a Chinese-speaking Advanced Persistent Threat (APT) group that has been active since at least 2012. The group primarily conducts cyber espionage operations against individuals in mainland China, Hong Kong, Macao, and Nigeria, as well as

Bronze Highland (type: Unspecified; 2 votes)
Bronze Highland, also known as Evasive Panda and Daggerfly, is a Chinese-speaking advanced persistent threat (APT) group that has been active since at least 2012. The group has been observed conducting cyberespionage against individuals in mainland China, Hong Kong, Macao, and Nigeria. It targets no
Associated Vulnerabilities
No associations to display.
Source Document References
Information about the MgBot malware was read from the document corpus below. This display is limited to 20 results.

ESET (a year ago): Evasive Panda APT group delivers malware via updates for popular Chinese software | WeLiveSecurity
CERT-EU (3 months ago): Evasive Panda leverages Monlam Festival to target Tibetans
CERT-EU (a year ago): Chinese Cyberspies Delivered Malware via Legitimate Software Updates
InfoSecurity-magazine (a year ago): Evasive Panda's Backdoor MgBot Delivered Via Chinese Software Updates
DARKReading (3 months ago): China-Linked Cyber Spies Blend Watering Hole, Supply Chain Attacks
DARKReading (a year ago): China's 'Evasive Panda' Hijacks Software Updates to Deliver Custom Backdoor
InfoSecurity-magazine (3 months ago): Evasive Panda Targets Tibet With Trojanized Software
CERT-EU (3 months ago): China Panda APT Hacking Websites To Infect Windows And MacOS Visitors With Malware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU (a year ago): Cyber security week in review: April 21, 2023
CERT-EU (a year ago): Chinese APT Group Hijacks Software Updates for Malware Delivery | IT Security News
CERT-EU (3 months ago): Well-equipped, resourced Chinese-backed hacking group targeting Tibetan networks | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU (8 months ago): My Tea's not cold : an overview of China's cyber threat – Global Security Mag Online
CERT-EU (3 months ago): China State-Sponsored Spies Hack Site and Target User Systems in Asia
CERT-EU (a year ago): Chinese Cyberspies Delivered Malware via Legitimate Software Updates | IT Security News
CERT-EU (a year ago): Chinese Cyberspies Delivered Malware via Legitimate Software Updates | Antivirus and Security news
CERT-EU (3 months ago): Cyber Briefing: 2024.03.08. 👉 What are the latest cybersecurity… | by CyberMaterial | Mar, 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (3 months ago): Cyber Security Week in Review: March 8, 2024
InfoSecurity-magazine (10 months ago): Ukraine's CERT-UA Exposes Gamaredon's Rapid Data Theft Methods
CERT-EU (a year ago): Cyber security week in review: April 28, 2023