← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS
WHITE dekaRituraj 2024-02-22 Modified: 2024-03-23
74
IOCs
HIGH VOLUME
The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. "The piece of customized PlugX malware is dissimilar to the general type of the PlugX malware that contains a completed backdoor command module, and that the former is only used for downloading the latter," Trend Micro researchers Sunny Lu and Pierre Lee said in a new technical write-up.
apt & targeted attacksmalwareendpointsresearcharticlesnewsreportscyber crimelearnplugx malwaredoplugsusbvolumeearth pretatablec serverkillsomeonedoplugs variantdoplugs malwareplugxalliancestopmongolianvirustotalautorunhybridsmallprotectcarriersattackfebruaryfloodmatedownloadcodeservicephishingexecutionfindindonesiasmugxthor plugx
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
SMUGX Earth Preta THOR PlugX DOPLUGS PlugX
Indicators of Compromise (10 / 74 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 011478f93a06a229d2a2a65320571f5f MD5 of f8c1a4c3060bc139d8ac9ad88d2632d40a96a87d58aba7862f35a396a18f42e5 2024-02-22
FileHash-MD5 29391b2f30c7c2bfb5170dc8afe3e24c MD5 of dca39474220575004159ecff70054bcf6239803fcf8d30f4e2e3907b5b97129c 2024-02-22
FileHash-MD5 299ed8a1fed6d9b9932d43567904be25 MD5 of 93624d0ad03998dd267ae8048ff05e25b5fd5f7b4116a2aff88c87d42422d5dc 2024-02-22
FileHash-MD5 32c26797ab646074a2bb562f9d10adb5 MD5 of b9836265c6bfa17cd5e0265f32cedb1ced3b98e85990d000dc8e1298d5d25f93 2024-02-22
FileHash-MD5 43b1c51574b4aa1684a05e96b81059b2 MD5 of a0c94205ca2ed1bcdf065c7aeb96a0c99f33495e7bbfd2ccba36daebd829a916 2024-02-22
FileHash-MD5 51ecd9b628809aab8463914793d35a1d MD5 of 17225c9e46f809556616d9e09d29fd7c13ca90d25ae21e00cc9ad7857ee66b82 2024-02-22
FileHash-MD5 9ee6e8f633764c06142c9abeddb9f04c MD5 of 364f38b48565814b576f482c1e0eb4c8d58effcd033fd45136ee00640a2b5321 2024-02-22
FileHash-MD5 c160fea304ed0131b9d742dda8802a0f MD5 of d0ca6917c042e417da5996efa49afca6cb15f09e3b0b41cbc94aab65a409e9dc 2024-02-22
FileHash-MD5 e24e7c0a3f49aa9adb281d24acde7e92 MD5 of 3fa7eaa4697cfcf71d0bd5aa9d2dbec495d7eac43bdfcfbef07a306635e4973b 2024-02-22
FileHash-MD5 eb941fbca579d3c0966de86b904fc298 MD5 of d64afd9799d8de3f39a4ce99584fa67a615a667945532cfa3f702adbe27724c4 2024-02-22
References (2)
↗ https://www.trendmicro.com/en_us/research/24/b/earth-preta-campaign-targets-asia-doplugs.html ↗ https://thehackernews.com/2024/02/mustang-panda-targets-asia-with.html