STATICPLUGIN

Malware & Tools · STATICPLUGIN

· MalwareS1238 · Zararlı Yazılım

Type

malware

Techniques

Used By

1 groups

Platforms

Windows

Description

STATICPLUGIN is a downloader known to be leveraged by Mustang Panda and was first observed utilized in 2025. STATICPLUGIN has utilized a valid certificate in order to bypass endpoint security protections. STATICPLUGIN masqueraded as legitimate software installer by using a custom TForm. STATICPLUGIN has been leveraged to deploy a loader that facilitates follow on malware.(Citation: Google Threat Intelligence Group MUSTANG PANDA PLUGX August 2025)

Tactic Coverage

stealth (2)execution (2)defense impairment (1)

Used By (1 groups)

G0129Mustang PandaTA416, RedDelta

Techniques (5)

T1036.005Match Legitimate Resource Name or Location

stealth

T1036.008Masquerade File Type

stealth

T1204.002Malicious File

execution

T1553.002Code Signing

defense impairment

T1559.001Component Object Model

execution

References

https://attack.mitre.org/software/S1238 https://cloud.google.com/blog/topics/threat-intelligence/prc-nexus-espionage-targets-diplomats