TA416 Plug X: A Change in the Configuration Structure

Send us fan mail!

Chinese Threat Actor TA416, otherwise known as Mustang Panda, has been active for a long time, and every time they get knocked down, they get up again. 
In this episode, Michael Raggi, Senior Threat Researcher, and Pim Trouerbach, Senior Reverse Engineer, both with Proofpoint, give us an overview of TA416 — the “Tubthumping” villains of the threat landscape. 
Join us as we discuss:
The evolving tactics of TA416
PlugX malware and control flow flattening
Tips for dealing with emerging threats 


Check out these resources we mentioned:
Michael’s Twitter: https://twitter.com/aRtAGGI/status/1501030779480125441 
https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european
https://www.theregister.com/2022/03/09/china_apt41_mandiant_usaherds/ 
Tubthumping by Chumbawamba  


Keep up with the latest tales from the threat research trenches by subscribing to DISCARDED in Apple Podcasts, Spotify, or wherever you get podcasts. Thanks for listening!