PULSE NAME
Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS
WHITE dekaRituraj 2024-02-22 Modified: 2024-03-23
74 IOCs
HIGH VOLUME
The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. "The piece of customized PlugX malware is dissimilar to the general type of the PlugX malware that contains a completed backdoor command module, and that the former is only used for downloading the latter," Trend Micro researchers Sunny Lu and Pierre Lee said in a new technical write-up.
Indicators of Compromise (17 / 74 total)