Panda has continually updated its infrastructure, exploits, and payloads. Because this malware is believed to be capable of spreading cryptocurrency miners, it poses a major threat.
Panda was first spotted in July 2018 and was associated with the ‘MassMiner’ campaign.
Observations from researchers
Threat-trap data indicates that Panda is using exploits leaked by the Shadow Brokers together with the Mimikatz credential-dumping tool.
“They attempt to hide their miners using the exact same popular techniques we see with other groups. Their infrastructure is predictable: I can usually peg a new Panda domain as soon as I see it in the data; they tend to just be iterations of each other,” Cisco’s Evans told Threatpost.
Although Panda does not run any advanced operations, it remains a major threat to organizations because it is persistent and reliably exploits known vulnerabilities.
Cisco has published a list of Indicators of Compromise (IOCs) on its blog that defenders can monitor for.