Pulse Detail — Threat Intelligence

PULSE NAME

Earth Preta Campaign Uses DOPLUGS to Target Asia

WHITE Earth Preta AlienVault 2024-02-20 Modified: 2024-03-21

IOCs

HIGH VOLUME

A threat actor group called Earth Preta has been running a campaign targeting Asia using a malware called DOPLUGS to infect victims via phishing emails. DOPLUGS serves as a downloader to retrieve a more advanced PlugX malware strain. The campaign has focused on government entities in Taiwan, Vietnam, Malaysia, and other Asian countries. DOPLUGS has constantly evolved since 2022, integrating features like the KillSomeOne USB worm module.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1053.005 T1056.001 T1025 T1036.005 T1587.001 T1204.002 T1566.002 T1082 T1091 T1005 T1140 T1608.001 T1583.004 T1585.002 T1090 T1083 T1049 T1608.005 T1547.001 T1588.002 T1573 T1012 T1071.001 T1574.002 T1564.001

MALWARE FAMILIES

Earth Preta Win32.DOPLUGS.ZYKL.enc PlugX

Indicators of Compromise (58 / 99 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA256	04679defa1a4009bddab2a5d81be747b51a7f0f7aa5e7ebb937b40379a6a4690	—	2024-02-20
FileHash-SHA256	095855cf6c82ae662cce34294f0969ca8c9df266736105c0297d2913a9237dd1	—	2024-02-20
FileHash-SHA256	0df7e56610adad2ed5adfdfab07faedc08a61d9f944a5448aa62e071cffc28c4	—	2024-02-20
FileHash-SHA256	12c584a685d9dffbee767d7ad867d5f3793518fb7d96ab11e3636edcc490e1bd	—	2024-02-20
FileHash-SHA256	13c31dbbae53517a17f7e6c99031480babe2bd8a07151dbb7f344ab620f3ac11	—	2024-02-20
FileHash-SHA256	16b62c9dc6060a19a5b64491b7242ace1c707dbe531b843c854fcc1dc39febbe	—	2024-02-20
FileHash-SHA256	17225c9e46f809556616d9e09d29fd7c13ca90d25ae21e00cc9ad7857ee66b82	—	2024-02-20
FileHash-SHA256	1a8aeee97a31f2de076b8ea5c04471480aefd5d82c57eab280443c7c376f8d5c	—	2024-02-20
FileHash-SHA256	25967270d67253c72532a7e0416eb27ff249bc17dc1d7cded0148f8f4b932789	—	2024-02-20
FileHash-SHA256	26b1d37ea3da6a6213b65b000dbb39575d858fa274aea895cc3bf62e706fce5d	—	2024-02-20
FileHash-SHA256	32609faef0b04f0c37c4cf081c147872a45c59d7c4fbca35deb40d144b0226ad	—	2024-02-20
FileHash-SHA256	33ff6318a3e745420c884f35709f2799f2fe461a6a5bb5b1e3166b9ab2ff142f	—	2024-02-20
FileHash-SHA256	364f38b48565814b576f482c1e0eb4c8d58effcd033fd45136ee00640a2b5321	—	2024-02-20
FileHash-SHA256	39f8288ef21f5d6135f8418a36b9045c9758c4e7a4e4cab4aff4c1c6119f901a	—	2024-02-20
FileHash-SHA256	3fa7eaa4697cfcf71d0bd5aa9d2dbec495d7eac43bdfcfbef07a306635e4973b	—	2024-02-20
FileHash-SHA256	42663f9d1ad0fe190912800b92c64d38b6f74fac23281b87180a4fef5bc2efd6	—	2024-02-20
FileHash-SHA256	42c18766b5492c5f0eaa935cf88e57d12ffd30d6f3cc2e9e0a3c0bdcdfa44ad5	—	2024-02-20
FileHash-SHA256	471e61015ff18349f4bf357447597a54579839336188d98d299b14cff458d132	—	2024-02-20
FileHash-SHA256	48e37bb7e1ac185d314f262894014e1337a3c14455cd987dd83ac220bae87b3a	—	2024-02-20
FileHash-SHA256	4c1b5283f05322edfb0ef8b9d5cf75b62b558fcaefed921f1143765a3bd6248e	—	2024-02-20
FileHash-SHA256	5700535f19a382c8b84db6bff3a077e15269df0ec10ea6257e2fa203720356b4	—	2024-02-20
FileHash-SHA256	583941ca6e1a2e007f5f0e2e112054e44b18687894ac173d0e93e035cea25e83	—	2024-02-20
FileHash-SHA256	5dd7813fa8aad22bd6c80811c8c7300f114a8e7897a2bd46343a06884d774914	—	2024-02-20
FileHash-SHA256	60b3a42b96b98868cae2c8f87d6ed74a57a64b284917e8e0f6c248c691d51797	—	2024-02-20
FileHash-SHA256	651c096cf7043a01d939dff9ba58e4d69f15b2244c71b43bedb4ada8c37e8859	—	2024-02-20
FileHash-SHA256	67c23db357588489031700ea8c7dc502a6081d7d1a620c03b82a8f281aa6bde6	—	2024-02-20
FileHash-SHA256	6e625bbcecc45b6b556141eef37ffd31aa4861ce4debca6500be72364172ffc7	—	2024-02-20
FileHash-SHA256	70fac63465187ae5c2f057efc291bc34987dff46bec565a7e8f07f9899527224	—	2024-02-20
FileHash-SHA256	71bba2753da5006015bc890d30b1ed207a446e9f34c7e0157d6591bf573f3787	—	2024-02-20
FileHash-SHA256	74f3101e869cedb3fc6608baa21f91290bb3db41c4260efe86f9aeb7279f18a1	—	2024-02-20
FileHash-SHA256	77a49637bf4047959419c41867437957619d03059b5d3f8d9af26e6ae2347db6	—	2024-02-20
FileHash-SHA256	7c741c8bcd19990140f3fa4aa95bb195929c9429fc47f95cf4ab9fad03040f7b	—	2024-02-20
FileHash-SHA256	8615cc8487833522ffd014c0f0661b3d1bed7a4cb51138b1ee172173002192be	—	2024-02-20
FileHash-SHA256	88c8eb7d2a64e0f675cb2ac3da69cdf314a08a702a65c992bcb7f6d9ec15704b	—	2024-02-20
FileHash-SHA256	8e4a4d202d57c79dc0f40ae032f9d7b0ea7ce5024128a2aa227decc228e16113	—	2024-02-20
FileHash-SHA256	908ff3a80ef065ab4be1942e0d41583903f6aac02d97df6b4a92a07a633397a8	—	2024-02-20
FileHash-SHA256	95205b92d597489b33854e70d86f16d46201803a1a9cb5379c0d6b7c0784dbc7	—	2024-02-20
FileHash-SHA256	9610cbcd4561368b6612cad1693982c43c8d81b0d52bb264c5f606f2478c1c58	—	2024-02-20
FileHash-SHA256	a0a3eeb6973f12fe61e6e90fe5fe8e406a8e00b31b1511a0dfe9a88109d0d129	—	2024-02-20
FileHash-SHA256	a0c94205ca2ed1bcdf065c7aeb96a0c99f33495e7bbfd2ccba36daebd829a916	—	2024-02-20
FileHash-SHA256	a102626700691e57ece83a4ce24d995e57449508238eb5688954b78448be9172	—	2024-02-20
FileHash-SHA256	a5cd617434e8d0e8ae25b961830113cba7308c2f1ff274f09247de8ed74cac4f	—	2024-02-20
FileHash-SHA256	abd6521990e88bd18bbcba063744efe0ccac23063bb340720cc3f610d9b1c770	—	2024-02-20
FileHash-SHA256	b6e88396594070a92cbf1c313858392b052703944162de64ce3ad494996bd177	—	2024-02-20
FileHash-SHA256	b6f375d8e75c438d63c8be429ab3b6608f1adcd233c0cc939082a6d7371c09bb	—	2024-02-20
FileHash-SHA256	c4627a5525a7f39205412a915fd52b93d83ef0115ee1b2642705fe1a08320692	—	2024-02-20
FileHash-SHA256	c7ec098093eb08d2b36d1c37b928d716d8da021f93319a093808a7ceb3b35dc1	—	2024-02-20
FileHash-SHA256	c9da5b0a8dee27fbf5d7bbb4c9b9b38d8c0c547479d315efd62599a3c5d9cb13	—	2024-02-20
FileHash-SHA256	ca1ada6770b85771f98e5c02310449ab73231034cfa78b8861850368208c7698	—	2024-02-20
FileHash-SHA256	cd60e1c7d418a9c6ad4705d315f8ace2cdc3fd0528e71064dd80bbbd51bc2b76	—	2024-02-20
FileHash-SHA256	d0ca6917c042e417da5996efa49afca6cb15f09e3b0b41cbc94aab65a409e9dc	—	2024-02-20
FileHash-SHA256	d64afd9799d8de3f39a4ce99584fa67a615a667945532cfa3f702adbe27724c4	—	2024-02-20
FileHash-SHA256	dca39474220575004159ecff70054bcf6239803fcf8d30f4e2e3907b5b97129c	—	2024-02-20
FileHash-SHA256	e3bae2e2b757a76db92ab017328d1459b181f8d98e04b691b62ff65d1e1be280	—	2024-02-20
FileHash-SHA256	e6bc87e3e3d98a0a8db4fcd7cd5a9b89d4a7b125de450dfb8f387d2a9e09face	—	2024-02-20
FileHash-SHA256	eb9e557fac3dd50cc46a544975235ebfce6b592e90437d967c9afba234a33f13	—	2024-02-20
FileHash-SHA256	f4f36c78cbf9901f224de427f42b390c83190c7c1cc4bce8b66f596e62df02d0	—	2024-02-20
FileHash-SHA256	f8c1a4c3060bc139d8ac9ad88d2632d40a96a87d58aba7862f35a396a18f42e5	—	2024-02-20

References (2)

↗ ↗ https://www.trendmicro.com/en_us/research/24/b/earth-preta-campaign-targets-asia-doplugs.html