Pulse name: Earth Preta Campaign Uses DOPLUGS to Target Asia
WHITE | Earth Preta | AlienVault | 2024-02-20 | Modified: 2024-03-21
99 IOCs (high volume)
The threat actor group Earth Preta has been running a campaign targeting Asia, using malware called DOPLUGS to infect victims via phishing emails. DOPLUGS serves as a downloader that retrieves a more advanced PlugX malware strain. The campaign has focused on government entities in Taiwan, Vietnam, Malaysia, and other Asian countries. DOPLUGS has evolved constantly since 2022, integrating features such as the KillSomeOne USB worm module.
Indicators of Compromise (15 / 99 total)