← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Earth Preta Campaign Uses DOPLUGS to Target Asia
WHITE CyberHunter_NL 2024-02-20 Modified: 2024-03-21
60
IOCs
HIGH VOLUME
Trend Vision One is a comprehensive platform for threat protection and cyber risk management, designed for the cloud and multi-cloud world. £1.5bn of sales worldwide in 2017-18
apt & targeted attacksmalwareendpointsresearcharticlesnewsreportscyber crimelearnplugx malwaredoplugsusbvolumeearth pretatablec serverkillsomeonetrend microdoplugs variantplugxalliancestopmongolianvirustotalautorunhybridsmallprotectcarriersattackfebruaryfloodmatedownloadcodeservicephishingexecutionransomwarefindindonesiasmugxthor plugx
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
SMUGX Earth Preta THOR PlugX DOPLUGS PlugX
Indicators of Compromise (60)
All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
CVE CVE-2021-26084 2024-02-20
CVE CVE-2024-21412 2024-02-20
FileHash-MD5 299ed8a1fed6d9b9932d43567904be25 MD5 of 93624d0ad03998dd267ae8048ff05e25b5fd5f7b4116a2aff88c87d42422d5dc 2024-02-20
FileHash-MD5 eb941fbca579d3c0966de86b904fc298 MD5 of d64afd9799d8de3f39a4ce99584fa67a615a667945532cfa3f702adbe27724c4 2024-02-20
FileHash-SHA1 c67721fd954f41c7b958b4c17052fa6e22896c79 SHA1 of 93624d0ad03998dd267ae8048ff05e25b5fd5f7b4116a2aff88c87d42422d5dc 2024-02-20
FileHash-SHA1 d2aa567fa30befa6e082376b11587aa0f3b0d5b7 SHA1 of d64afd9799d8de3f39a4ce99584fa67a615a667945532cfa3f702adbe27724c4 2024-02-20
FileHash-SHA256 17225c9e46f809556616d9e09d29fd7c13ca90d25ae21e00cc9ad7857ee66b82 2024-02-20
FileHash-SHA256 1a8aeee97a31f2de076b8ea5c04471480aefd5d82c57eab280443c7c376f8d5c 2024-02-20
FileHash-SHA256 364f38b48565814b576f482c1e0eb4c8d58effcd033fd45136ee00640a2b5321 2024-02-20
FileHash-SHA256 3fa7eaa4697cfcf71d0bd5aa9d2dbec495d7eac43bdfcfbef07a306635e4973b 2024-02-20
FileHash-SHA256 583941ca6e1a2e007f5f0e2e112054e44b18687894ac173d0e93e035cea25e83 2024-02-20
FileHash-SHA256 60b3a42b96b98868cae2c8f87d6ed74a57a64b284917e8e0f6c248c691d51797 2024-02-20
FileHash-SHA256 93624d0ad03998dd267ae8048ff05e25b5fd5f7b4116a2aff88c87d42422d5dc 2024-02-20
FileHash-SHA256 a0c94205ca2ed1bcdf065c7aeb96a0c99f33495e7bbfd2ccba36daebd829a916 2024-02-20
FileHash-SHA256 a5cd617434e8d0e8ae25b961830113cba7308c2f1ff274f09247de8ed74cac4f 2024-02-20
FileHash-SHA256 b975af70ee9bdfdc6e491b58dd83385f3396429a728f9939abade48d15941ea1 2024-02-20
FileHash-SHA256 b9836265c6bfa17cd5e0265f32cedb1ced3b98e85990d000dc8e1298d5d25f93 2024-02-20
FileHash-SHA256 d0ca6917c042e417da5996efa49afca6cb15f09e3b0b41cbc94aab65a409e9dc 2024-02-20
FileHash-SHA256 d64afd9799d8de3f39a4ce99584fa67a615a667945532cfa3f702adbe27724c4 2024-02-20
FileHash-SHA256 dca39474220575004159ecff70054bcf6239803fcf8d30f4e2e3907b5b97129c 2024-02-20
FileHash-SHA256 e3bae2e2b757a76db92ab017328d1459b181f8d98e04b691b62ff65d1e1be280 2024-02-20
FileHash-SHA256 eb9e557fac3dd50cc46a544975235ebfce6b592e90437d967c9afba234a33f13 2024-02-20
FileHash-SHA256 f8c1a4c3060bc139d8ac9ad88d2632d40a96a87d58aba7862f35a396a18f42e5 2024-02-20
URL http://103.192.226.46:44 2024-02-20
URL http://103.56.53.120:80 2024-02-20
URL http://103.56.53.120:8080 2024-02-20
URL http://149.104.12.64:443 2024-02-20
URL http://154.204.27.181:110 2024-02-20
URL http://154.204.27.181:80 2024-02-20
URL http://176.113.69.91:443 2024-02-20
URL http://45.131.179.179:22 2024-02-20
URL http://45.131.179.179:443 2024-02-20
URL http://45.131.179.179:5938 2024-02-20
URL http://45.251.240.55:443 2024-02-20
URL http://45.251.240.55:8080 2024-02-20
URL http://45.83.236.105:443 2024-02-20
URL http://electrictulsa.com:443 2024-02-20
URL http://images.kiidcloud.com:443 2024-02-20
URL http://images.markplay.net:443 2024-02-20
URL http://ivibers.com:443 2024-02-20
URL http://meetviberapi.com:443 2024-02-20
URL http://news.comsnews.com:443 2024-02-20
URL http://news.comsnews.com:5938 2024-02-20
URL http://web.bonuscave.com:8080 2024-02-20
URL http://www.markplay.net:8080 2024-02-20
URL https://getfiledown.com/utdkt 2024-02-20
URL https://getfiledown.com/vgbskgyu 2024-02-20
URL https://getfiledown.com/vgbskgyu' 2024-02-20
URL https://getfilefox.com/enmjgwvt 2024-02-20
domain electrictulsa.com 2024-02-20
domain estmongolia.com 2024-02-20
domain getfiledown.com 2024-02-20
domain getfilefox.com 2024-02-20
domain ivibers.com 2024-02-20
domain meetviberapi.com 2024-02-20
hostname images.kiidcloud.com 2024-02-20
hostname images.markplay.net 2024-02-20
hostname news.comsnews.com 2024-02-20
hostname web.bonuscave.com 2024-02-20
hostname www.markplay.net 2024-02-20
References (1)
↗ https://www.trendmicro.com/en_us/research/24/b/earth-preta-campaign-targets-asia-doplugs.html