PULSE NAME
Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS
WHITE dekaRituraj 2024-02-22 Modified: 2024-03-23
The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. "The piece of customized PlugX malware is dissimilar to the general type of the PlugX malware that contains a completed backdoor command module, and that the former is only used for downloading the latter," Trend Micro researchers Sunny Lu and Pierre Lee said in a new technical write-up.
Indicators of Compromise (26 / 74 total)