StarProxy - S1227 (e91d3543-ca5d-474b-8b20-5a753ebc6e49)

StarProxy is custom malware used by Mustang Panda as a post-compromise tool, to enable proxying of traffic between the infected machine and other machines on the same network. (Citation: Zscaler)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) | Attack Pattern | StarProxy - S1227 (e91d3543-ca5d-474b-8b20-5a753ebc6e49) | Malware | 1 |
| Native API - T1106 (391d824f-0ef1-47a0-b0ee-c59a75e27670) | Attack Pattern | StarProxy - S1227 (e91d3543-ca5d-474b-8b20-5a753ebc6e49) | Malware | 1 |
| Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) | Attack Pattern | StarProxy - S1227 (e91d3543-ca5d-474b-8b20-5a753ebc6e49) | Malware | 1 |
| DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) | Attack Pattern | StarProxy - S1227 (e91d3543-ca5d-474b-8b20-5a753ebc6e49) | Malware | 1 |
| Deobfuscate/Decode Files or Information - T1140 (3ccef7ae-cb5e-48f6-8302-897105fbf55c) | Attack Pattern | StarProxy - S1227 (e91d3543-ca5d-474b-8b20-5a753ebc6e49) | Malware | 1 |
| System Time Discovery - T1124 (f3c544dc-673c-4ef3-accb-53229f1ae077) | Attack Pattern | StarProxy - S1227 (e91d3543-ca5d-474b-8b20-5a753ebc6e49) | Malware | 1 |
| Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | StarProxy - S1227 (e91d3543-ca5d-474b-8b20-5a753ebc6e49) | Malware | 1 |
| StarProxy - S1227 (e91d3543-ca5d-474b-8b20-5a753ebc6e49) | Malware | Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) | Attack Pattern | 1 |
| StarProxy - S1227 (e91d3543-ca5d-474b-8b20-5a753ebc6e49) | Malware | Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) | Attack Pattern | 1 |
| Protocol or Service Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) | Attack Pattern | Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) | Attack Pattern | 2 |
| Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) | Attack Pattern | Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) | Attack Pattern | 2 |
| DLL - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34) | Attack Pattern | Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | 2 |
| Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) | Attack Pattern | Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) | Attack Pattern | 2 |