Pulse name: Earth Preta Campaign Uses DOPLUGS to Target Asia
WHITE | Earth Preta | AlienVault | 2024-02-20 | Modified: 2024-03-21
99 IOCs (HIGH VOLUME)
A threat actor group called Earth Preta has been running a campaign targeting Asia, using malware called DOPLUGS to infect victims via phishing emails. DOPLUGS serves as a downloader to retrieve a more advanced PlugX malware strain. The campaign has focused on government entities in Taiwan, Vietnam, Malaysia, and other Asian countries. DOPLUGS has constantly evolved since 2022, integrating features like the KillSomeOne USB worm module.
Indicators of Compromise (6 / 99 total)