This Threat Thursday session will cover our new threat emulation plan covering Earth Preta's (Mustang Panda) recent campaign. Notable behaviors in this threat include exfiltration utilizing curl over FTP, and persistence in multiple locations such as Run keys and scheduled tasks. Earth Preta Threat Actors have also been observed utilizing removable drives for initial access and execution, we will cover how to utilize a BADUSB or FlipperZero to emulate these actions.