← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS
WHITE dekaRituraj 2024-02-22 Modified: 2024-03-23
74
IOCs
HIGH VOLUME
The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. "The piece of customized PlugX malware is dissimilar to the general type of the PlugX malware that contains a completed backdoor command module, and that the former is only used for downloading the latter," Trend Micro researchers Sunny Lu and Pierre Lee said in a new technical write-up.
apt & targeted attacksmalwareendpointsresearcharticlesnewsreportscyber crimelearnplugx malwaredoplugsusbvolumeearth pretatablec serverkillsomeonedoplugs variantdoplugs malwareplugxalliancestopmongolianvirustotalautorunhybridsmallprotectcarriersattackfebruaryfloodmatedownloadcodeservicephishingexecutionfindindonesiasmugxthor plugx
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
SMUGX Earth Preta THOR PlugX DOPLUGS PlugX
Indicators of Compromise (74)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 011478f93a06a229d2a2a65320571f5f MD5 of f8c1a4c3060bc139d8ac9ad88d2632d40a96a87d58aba7862f35a396a18f42e5 2024-02-22
FileHash-MD5 29391b2f30c7c2bfb5170dc8afe3e24c MD5 of dca39474220575004159ecff70054bcf6239803fcf8d30f4e2e3907b5b97129c 2024-02-22
FileHash-MD5 299ed8a1fed6d9b9932d43567904be25 MD5 of 93624d0ad03998dd267ae8048ff05e25b5fd5f7b4116a2aff88c87d42422d5dc 2024-02-22
FileHash-MD5 32c26797ab646074a2bb562f9d10adb5 MD5 of b9836265c6bfa17cd5e0265f32cedb1ced3b98e85990d000dc8e1298d5d25f93 2024-02-22
FileHash-MD5 43b1c51574b4aa1684a05e96b81059b2 MD5 of a0c94205ca2ed1bcdf065c7aeb96a0c99f33495e7bbfd2ccba36daebd829a916 2024-02-22
FileHash-MD5 51ecd9b628809aab8463914793d35a1d MD5 of 17225c9e46f809556616d9e09d29fd7c13ca90d25ae21e00cc9ad7857ee66b82 2024-02-22
FileHash-MD5 9ee6e8f633764c06142c9abeddb9f04c MD5 of 364f38b48565814b576f482c1e0eb4c8d58effcd033fd45136ee00640a2b5321 2024-02-22
FileHash-MD5 c160fea304ed0131b9d742dda8802a0f MD5 of d0ca6917c042e417da5996efa49afca6cb15f09e3b0b41cbc94aab65a409e9dc 2024-02-22
FileHash-MD5 e24e7c0a3f49aa9adb281d24acde7e92 MD5 of 3fa7eaa4697cfcf71d0bd5aa9d2dbec495d7eac43bdfcfbef07a306635e4973b 2024-02-22
FileHash-MD5 eb941fbca579d3c0966de86b904fc298 MD5 of d64afd9799d8de3f39a4ce99584fa67a615a667945532cfa3f702adbe27724c4 2024-02-22
FileHash-SHA1 02299d95841ae0a807b919869ca4aee47c2eb47e SHA1 of a0c94205ca2ed1bcdf065c7aeb96a0c99f33495e7bbfd2ccba36daebd829a916 2024-02-22
FileHash-SHA1 276569711e3a93259f2143c28de37a7533ebb58e SHA1 of d0ca6917c042e417da5996efa49afca6cb15f09e3b0b41cbc94aab65a409e9dc 2024-02-22
FileHash-SHA1 38e5be7c058a1132dbbda7185abbac77366ccd6f SHA1 of dca39474220575004159ecff70054bcf6239803fcf8d30f4e2e3907b5b97129c 2024-02-22
FileHash-SHA1 53756fc875b1529407ce0878bcf53fc29d2e0067 SHA1 of 17225c9e46f809556616d9e09d29fd7c13ca90d25ae21e00cc9ad7857ee66b82 2024-02-22
FileHash-SHA1 c67721fd954f41c7b958b4c17052fa6e22896c79 SHA1 of 93624d0ad03998dd267ae8048ff05e25b5fd5f7b4116a2aff88c87d42422d5dc 2024-02-22
FileHash-SHA1 c7e9c45b18c8ab355f1c07879cce5a3e58620dd7 SHA1 of f8c1a4c3060bc139d8ac9ad88d2632d40a96a87d58aba7862f35a396a18f42e5 2024-02-22
FileHash-SHA1 d2aa567fa30befa6e082376b11587aa0f3b0d5b7 SHA1 of d64afd9799d8de3f39a4ce99584fa67a615a667945532cfa3f702adbe27724c4 2024-02-22
FileHash-SHA1 d68efab62dc43b35dc856e264f67f8e8d3034e80 SHA1 of 3fa7eaa4697cfcf71d0bd5aa9d2dbec495d7eac43bdfcfbef07a306635e4973b 2024-02-22
FileHash-SHA1 f21fbe42eba84d6300e6f4cf59426d2f10a1ed09 SHA1 of 364f38b48565814b576f482c1e0eb4c8d58effcd033fd45136ee00640a2b5321 2024-02-22
FileHash-SHA1 f478d70bc193f7c24da563e9eda7eb86239bbe12 SHA1 of b9836265c6bfa17cd5e0265f32cedb1ced3b98e85990d000dc8e1298d5d25f93 2024-02-22
FileHash-SHA256 17225c9e46f809556616d9e09d29fd7c13ca90d25ae21e00cc9ad7857ee66b82 2024-02-22
FileHash-SHA256 1a8aeee97a31f2de076b8ea5c04471480aefd5d82c57eab280443c7c376f8d5c 2024-02-22
FileHash-SHA256 364f38b48565814b576f482c1e0eb4c8d58effcd033fd45136ee00640a2b5321 2024-02-22
FileHash-SHA256 3fa7eaa4697cfcf71d0bd5aa9d2dbec495d7eac43bdfcfbef07a306635e4973b 2024-02-22
FileHash-SHA256 583941ca6e1a2e007f5f0e2e112054e44b18687894ac173d0e93e035cea25e83 2024-02-22
FileHash-SHA256 60b3a42b96b98868cae2c8f87d6ed74a57a64b284917e8e0f6c248c691d51797 2024-02-22
FileHash-SHA256 93624d0ad03998dd267ae8048ff05e25b5fd5f7b4116a2aff88c87d42422d5dc 2024-02-22
FileHash-SHA256 a0c94205ca2ed1bcdf065c7aeb96a0c99f33495e7bbfd2ccba36daebd829a916 2024-02-22
FileHash-SHA256 a5cd617434e8d0e8ae25b961830113cba7308c2f1ff274f09247de8ed74cac4f 2024-02-22
FileHash-SHA256 b975af70ee9bdfdc6e491b58dd83385f3396429a728f9939abade48d15941ea1 2024-02-22
FileHash-SHA256 b9836265c6bfa17cd5e0265f32cedb1ced3b98e85990d000dc8e1298d5d25f93 2024-02-22
FileHash-SHA256 d0ca6917c042e417da5996efa49afca6cb15f09e3b0b41cbc94aab65a409e9dc 2024-02-22
FileHash-SHA256 d64afd9799d8de3f39a4ce99584fa67a615a667945532cfa3f702adbe27724c4 2024-02-22
FileHash-SHA256 dca39474220575004159ecff70054bcf6239803fcf8d30f4e2e3907b5b97129c 2024-02-22
FileHash-SHA256 e3bae2e2b757a76db92ab017328d1459b181f8d98e04b691b62ff65d1e1be280 2024-02-22
FileHash-SHA256 eb9e557fac3dd50cc46a544975235ebfce6b592e90437d967c9afba234a33f13 2024-02-22
FileHash-SHA256 f8c1a4c3060bc139d8ac9ad88d2632d40a96a87d58aba7862f35a396a18f42e5 2024-02-22
URL http://103.192.226.46:44 2024-02-22
URL http://103.56.53.120:80 2024-02-22
URL http://103.56.53.120:8080 2024-02-22
URL http://149.104.12.64:443 2024-02-22
URL http://154.204.27.181:110 2024-02-22
URL http://154.204.27.181:80 2024-02-22
URL http://176.113.69.91:443 2024-02-22
URL http://45.131.179.179:22 2024-02-22
URL http://45.131.179.179:443 2024-02-22
URL http://45.131.179.179:5938 2024-02-22
URL http://45.251.240.55:443 2024-02-22
URL http://45.251.240.55:8080 2024-02-22
URL http://45.83.236.105:443 2024-02-22
URL http://electrictulsa.com:443 2024-02-22
URL http://images.kiidcloud.com:443 2024-02-22
URL http://images.markplay.net:443 2024-02-22
URL http://ivibers.com:443 2024-02-22
URL http://meetviberapi.com:443 2024-02-22
URL http://news.comsnews.com:443 2024-02-22
URL http://news.comsnews.com:5938 2024-02-22
URL http://web.bonuscave.com:8080 2024-02-22
URL http://www.markplay.net:8080 2024-02-22
URL https://getfiledown.com/utdkt 2024-02-22
URL https://getfiledown.com/vgbskgyu 2024-02-22
URL https://getfiledown.com/vgbskgyu' 2024-02-22
URL https://getfilefox.com/enmjgwvt 2024-02-22
domain electrictulsa.com 2024-02-22
domain estmongolia.com 2024-02-22
domain getfiledown.com 2024-02-22
domain getfilefox.com 2024-02-22
domain ivibers.com 2024-02-22
domain meetviberapi.com 2024-02-22
hostname images.kiidcloud.com 2024-02-22
hostname images.markplay.net 2024-02-22
hostname news.comsnews.com 2024-02-22
hostname web.bonuscave.com 2024-02-22
hostname www.markplay.net 2024-02-22
References (2)
↗ https://www.trendmicro.com/en_us/research/24/b/earth-preta-campaign-targets-asia-doplugs.html ↗ https://thehackernews.com/2024/02/mustang-panda-targets-asia-with.html