PULSE DETAIL
In July 2023, Check Point disclosed a campaign called SMUGX, which targeted European countries and was attributed to the advanced persistent threat (APT) group Earth Preta (also known as Mustang Panda and Bronze President). In the same year, the researchers obtained a phishing email targeting the Taiwanese government that carried a customized PlugX sample of the same variant used in the SMUGX campaign. Because most previous discussion from other researchers focuses on the European attacks, this write-up instead sheds light on the Asian side of the campaign. After months of investigation, further SMUGX-related samples were found targeting not only Taiwan but also Vietnam, Malaysia, and other Asian countries in 2022 and 2023.
MITRE ATT&CK & Malware Families
Indicators of Compromise (74)
| TYPE | INDICATOR | DESCRIPTION | CREATED |
|---|---|---|---|
| FileHash-MD5 | 011478f93a06a229d2a2a65320571f5f | MD5 of f8c1a4c3060bc139d8ac9ad88d2632d40a96a87d58aba7862f35a396a18f42e5 | 2024-02-26 |
| FileHash-MD5 | 29391b2f30c7c2bfb5170dc8afe3e24c | MD5 of dca39474220575004159ecff70054bcf6239803fcf8d30f4e2e3907b5b97129c | 2024-02-26 |
| FileHash-MD5 | 299ed8a1fed6d9b9932d43567904be25 | MD5 of 93624d0ad03998dd267ae8048ff05e25b5fd5f7b4116a2aff88c87d42422d5dc | 2024-02-26 |
| FileHash-MD5 | 32c26797ab646074a2bb562f9d10adb5 | MD5 of b9836265c6bfa17cd5e0265f32cedb1ced3b98e85990d000dc8e1298d5d25f93 | 2024-02-26 |
| FileHash-MD5 | 43b1c51574b4aa1684a05e96b81059b2 | MD5 of a0c94205ca2ed1bcdf065c7aeb96a0c99f33495e7bbfd2ccba36daebd829a916 | 2024-02-26 |
| FileHash-MD5 | 51ecd9b628809aab8463914793d35a1d | MD5 of 17225c9e46f809556616d9e09d29fd7c13ca90d25ae21e00cc9ad7857ee66b82 | 2024-02-26 |
| FileHash-MD5 | 9ee6e8f633764c06142c9abeddb9f04c | MD5 of 364f38b48565814b576f482c1e0eb4c8d58effcd033fd45136ee00640a2b5321 | 2024-02-26 |
| FileHash-MD5 | c160fea304ed0131b9d742dda8802a0f | MD5 of d0ca6917c042e417da5996efa49afca6cb15f09e3b0b41cbc94aab65a409e9dc | 2024-02-26 |
| FileHash-MD5 | e24e7c0a3f49aa9adb281d24acde7e92 | MD5 of 3fa7eaa4697cfcf71d0bd5aa9d2dbec495d7eac43bdfcfbef07a306635e4973b | 2024-02-26 |
| FileHash-MD5 | eb941fbca579d3c0966de86b904fc298 | MD5 of d64afd9799d8de3f39a4ce99584fa67a615a667945532cfa3f702adbe27724c4 | 2024-02-26 |
| FileHash-SHA1 | 02299d95841ae0a807b919869ca4aee47c2eb47e | SHA1 of a0c94205ca2ed1bcdf065c7aeb96a0c99f33495e7bbfd2ccba36daebd829a916 | 2024-02-26 |
| FileHash-SHA1 | 276569711e3a93259f2143c28de37a7533ebb58e | SHA1 of d0ca6917c042e417da5996efa49afca6cb15f09e3b0b41cbc94aab65a409e9dc | 2024-02-26 |
| FileHash-SHA1 | 38e5be7c058a1132dbbda7185abbac77366ccd6f | SHA1 of dca39474220575004159ecff70054bcf6239803fcf8d30f4e2e3907b5b97129c | 2024-02-26 |
| FileHash-SHA1 | 53756fc875b1529407ce0878bcf53fc29d2e0067 | SHA1 of 17225c9e46f809556616d9e09d29fd7c13ca90d25ae21e00cc9ad7857ee66b82 | 2024-02-26 |
| FileHash-SHA1 | c67721fd954f41c7b958b4c17052fa6e22896c79 | SHA1 of 93624d0ad03998dd267ae8048ff05e25b5fd5f7b4116a2aff88c87d42422d5dc | 2024-02-26 |
| FileHash-SHA1 | c7e9c45b18c8ab355f1c07879cce5a3e58620dd7 | SHA1 of f8c1a4c3060bc139d8ac9ad88d2632d40a96a87d58aba7862f35a396a18f42e5 | 2024-02-26 |
| FileHash-SHA1 | d2aa567fa30befa6e082376b11587aa0f3b0d5b7 | SHA1 of d64afd9799d8de3f39a4ce99584fa67a615a667945532cfa3f702adbe27724c4 | 2024-02-26 |
| FileHash-SHA1 | d68efab62dc43b35dc856e264f67f8e8d3034e80 | SHA1 of 3fa7eaa4697cfcf71d0bd5aa9d2dbec495d7eac43bdfcfbef07a306635e4973b | 2024-02-26 |
| FileHash-SHA1 | f21fbe42eba84d6300e6f4cf59426d2f10a1ed09 | SHA1 of 364f38b48565814b576f482c1e0eb4c8d58effcd033fd45136ee00640a2b5321 | 2024-02-26 |
| FileHash-SHA1 | f478d70bc193f7c24da563e9eda7eb86239bbe12 | SHA1 of b9836265c6bfa17cd5e0265f32cedb1ced3b98e85990d000dc8e1298d5d25f93 | 2024-02-26 |
| FileHash-SHA256 | 17225c9e46f809556616d9e09d29fd7c13ca90d25ae21e00cc9ad7857ee66b82 | — | 2024-02-26 |
| FileHash-SHA256 | 1a8aeee97a31f2de076b8ea5c04471480aefd5d82c57eab280443c7c376f8d5c | — | 2024-02-26 |
| FileHash-SHA256 | 364f38b48565814b576f482c1e0eb4c8d58effcd033fd45136ee00640a2b5321 | — | 2024-02-26 |
| FileHash-SHA256 | 3fa7eaa4697cfcf71d0bd5aa9d2dbec495d7eac43bdfcfbef07a306635e4973b | — | 2024-02-26 |
| FileHash-SHA256 | 583941ca6e1a2e007f5f0e2e112054e44b18687894ac173d0e93e035cea25e83 | — | 2024-02-26 |
| FileHash-SHA256 | 60b3a42b96b98868cae2c8f87d6ed74a57a64b284917e8e0f6c248c691d51797 | — | 2024-02-26 |
| FileHash-SHA256 | 93624d0ad03998dd267ae8048ff05e25b5fd5f7b4116a2aff88c87d42422d5dc | — | 2024-02-26 |
| FileHash-SHA256 | a0c94205ca2ed1bcdf065c7aeb96a0c99f33495e7bbfd2ccba36daebd829a916 | — | 2024-02-26 |
| FileHash-SHA256 | a5cd617434e8d0e8ae25b961830113cba7308c2f1ff274f09247de8ed74cac4f | — | 2024-02-26 |
| FileHash-SHA256 | b975af70ee9bdfdc6e491b58dd83385f3396429a728f9939abade48d15941ea1 | — | 2024-02-26 |
| FileHash-SHA256 | b9836265c6bfa17cd5e0265f32cedb1ced3b98e85990d000dc8e1298d5d25f93 | — | 2024-02-26 |
| FileHash-SHA256 | d0ca6917c042e417da5996efa49afca6cb15f09e3b0b41cbc94aab65a409e9dc | — | 2024-02-26 |
| FileHash-SHA256 | d64afd9799d8de3f39a4ce99584fa67a615a667945532cfa3f702adbe27724c4 | — | 2024-02-26 |
| FileHash-SHA256 | dca39474220575004159ecff70054bcf6239803fcf8d30f4e2e3907b5b97129c | — | 2024-02-26 |
| FileHash-SHA256 | e3bae2e2b757a76db92ab017328d1459b181f8d98e04b691b62ff65d1e1be280 | — | 2024-02-26 |
| FileHash-SHA256 | eb9e557fac3dd50cc46a544975235ebfce6b592e90437d967c9afba234a33f13 | — | 2024-02-26 |
| FileHash-SHA256 | f8c1a4c3060bc139d8ac9ad88d2632d40a96a87d58aba7862f35a396a18f42e5 | — | 2024-02-26 |
| URL | http://103.192.226.46:44 | — | 2024-02-26 |
| URL | http://103.56.53.120:80 | — | 2024-02-26 |
| URL | http://103.56.53.120:8080 | — | 2024-02-26 |
| URL | http://149.104.12.64:443 | — | 2024-02-26 |
| URL | http://154.204.27.181:110 | — | 2024-02-26 |
| URL | http://154.204.27.181:80 | — | 2024-02-26 |
| URL | http://176.113.69.91:443 | — | 2024-02-26 |
| URL | http://45.131.179.179:22 | — | 2024-02-26 |
| URL | http://45.131.179.179:443 | — | 2024-02-26 |
| URL | http://45.131.179.179:5938 | — | 2024-02-26 |
| URL | http://45.251.240.55:443 | — | 2024-02-26 |
| URL | http://45.251.240.55:8080 | — | 2024-02-26 |
| URL | http://45.83.236.105:443 | — | 2024-02-26 |
| URL | http://electrictulsa.com:443 | — | 2024-02-26 |
| URL | http://images.kiidcloud.com:443 | — | 2024-02-26 |
| URL | http://images.markplay.net:443 | — | 2024-02-26 |
| URL | http://ivibers.com:443 | — | 2024-02-26 |
| URL | http://meetviberapi.com:443 | — | 2024-02-26 |
| URL | http://news.comsnews.com:443 | — | 2024-02-26 |
| URL | http://news.comsnews.com:5938 | — | 2024-02-26 |
| URL | http://web.bonuscave.com:8080 | — | 2024-02-26 |
| URL | http://www.markplay.net:8080 | — | 2024-02-26 |
| URL | https://getfiledown.com/utdkt | — | 2024-02-26 |
| URL | https://getfiledown.com/vgbskgyu | — | 2024-02-26 |
| URL | https://getfiledown.com/vgbskgyu' | Listed with a trailing apostrophe in the pulse as published; otherwise identical to the row above | 2024-02-26 |
| URL | https://getfilefox.com/enmjgwvt | — | 2024-02-26 |
| domain | electrictulsa.com | — | 2024-02-26 |
| domain | estmongolia.com | — | 2024-02-26 |
| domain | getfiledown.com | — | 2024-02-26 |
| domain | getfilefox.com | — | 2024-02-26 |
| domain | ivibers.com | — | 2024-02-26 |
| domain | meetviberapi.com | — | 2024-02-26 |
| hostname | images.kiidcloud.com | — | 2024-02-26 |
| hostname | images.markplay.net | — | 2024-02-26 |
| hostname | news.comsnews.com | — | 2024-02-26 |
| hostname | web.bonuscave.com | — | 2024-02-26 |
| hostname | www.markplay.net | — | 2024-02-26 |
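The table above is published in OTX's flat type/indicator shape, which hides two things a detection engineer needs before loading it into a rule set: the MD5 and SHA1 rows name their parent SHA-256 in the description, so the three digests describe the same file, and the `URL` rows written as `http://ip:port` (ports such as 22, 44, 110 and 5938) are raw C2 sockets rather than HTTP URLs. The following Python is an added example, not code from OTX or from the researchers cited on the page. It parses a constructed subset of the rows in the page's own markdown layout, normalises them into a hash map, a socket set, a URL set and domain/hostname sets, and runs constructed proxy/flow lines through the matchers. The log line format and the source/destination addresses in the sample lines (10.x and RFC 5737 ranges) are assumptions made for the example.

```python
"""Normalise the pulse's IOC rows into matchable sets and run them over telemetry.
Added example for this page; not code from OTX or the cited researchers."""
import re
from urllib.parse import urlsplit

# Constructed subset of the table above, kept in the page's own markdown row shape.
PULSE_TABLE = """\
| FileHash-MD5 | 011478f93a06a229d2a2a65320571f5f | MD5 of f8c1a4c3060bc139d8ac9ad88d2632d40a96a87d58aba7862f35a396a18f42e5 | 2024-02-26 |
| FileHash-SHA1 | c7e9c45b18c8ab355f1c07879cce5a3e58620dd7 | SHA1 of f8c1a4c3060bc139d8ac9ad88d2632d40a96a87d58aba7862f35a396a18f42e5 | 2024-02-26 |
| FileHash-SHA256 | f8c1a4c3060bc139d8ac9ad88d2632d40a96a87d58aba7862f35a396a18f42e5 | — | 2024-02-26 |
| URL | http://103.192.226.46:44 | — | 2024-02-26 |
| URL | http://45.131.179.179:443 | — | 2024-02-26 |
| URL | https://getfiledown.com/vgbskgyu | — | 2024-02-26 |
| URL | https://getfiledown.com/vgbskgyu' | — | 2024-02-26 |
| URL | http://news.comsnews.com:5938 | — | 2024-02-26 |
| domain | getfiledown.com | — | 2024-02-26 |
| hostname | news.comsnews.com | — | 2024-02-26 |
"""

HASH_REF = re.compile(r"^(?:MD5|SHA1) of ([0-9a-f]{64})$")


def parse_pulse(table):
    """Return (hashes, endpoints, urls, names).

    hashes    : any listed digest (lower-case) -> the SHA-256 it belongs to; the
                MD5/SHA1 rows name their parent SHA-256 in the description column.
    endpoints : (host, port) sockets from 'URL' rows that carry no path; the pulse
                writes raw C2 sockets as http://ip:port, so the scheme is not meaningful.
    urls      : scheme://host/path for real download URLs, stray quotes stripped.
    names     : {'domain': {...}, 'hostname': {...}} for suffix / exact matching."""
    hashes, endpoints, urls = {}, set(), set()
    names = {"domain": set(), "hostname": set()}
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3:
            continue
        kind, ind, desc = cells[0], cells[1].strip("'\""), cells[2]
        if kind.startswith("FileHash-"):
            m = HASH_REF.match(desc)
            hashes[ind.lower()] = m.group(1) if m else ind.lower()
        elif kind == "URL":
            u = urlsplit(ind)
            if u.path in ("", "/"):
                endpoints.add((u.hostname, u.port))
            else:
                urls.add(f"{u.scheme}://{u.hostname}{u.path}")
        elif kind in names:
            names[kind].add(ind.lower())
    return hashes, endpoints, urls, names


def match_hash(hashes, digest):
    """Resolve an MD5, SHA-1 or SHA-256 seen in an alert to the pulse's SHA-256, or None."""
    return hashes.get(digest.strip().lower())


def match_name(names, host):
    """'domain' rows match the name and any subdomain; 'hostname' rows match exactly."""
    host = host.lower().rstrip(".")
    if host in names["hostname"]:
        return host
    for d in names["domain"]:
        if host == d or host.endswith("." + d):
            return d
    return None


# Constructed proxy/flow line shape (an assumption, not a real product format):
#   <ts> src=<ip> dst=<ip> dport=<port> [host=<sni-or-http-host>] [url=<full-url>]
CONN = re.compile(r"dst=(\S+) dport=(\d+)(?: host=(\S+))?(?: url=(\S+))?")


def scan_connections(lines, endpoints, urls, names):
    """Return (line, reason) for each line that hits a socket, URL or name indicator."""
    hits = []
    for line in lines:
        m = CONN.search(line)
        if not m:
            continue
        dst, dport, host, url = m.group(1), int(m.group(2)), m.group(3), m.group(4)
        u = url.strip("'\"") if url else None
        if (dst, dport) in endpoints:
            hits.append((line, f"c2-socket {dst}:{dport}"))
        elif (host, dport) in endpoints:
            hits.append((line, f"c2-socket {host}:{dport}"))
        elif u in urls:
            hits.append((line, f"url {u}"))
        elif host and match_name(names, host):
            hits.append((line, f"name {match_name(names, host)}"))
    return hits


SAMPLE_LOG = [  # constructed lines; 10.x and RFC 5737 addresses are placeholders
    "2024-03-01T09:12:03Z src=10.1.4.20 dst=45.131.179.179 dport=443",
    "2024-03-01T09:12:09Z src=10.1.4.20 dst=45.131.179.179 dport=80",
    "2024-03-01T09:15:41Z src=10.1.4.31 dst=203.0.113.7 dport=443 host=cdn.getfiledown.com url=https://cdn.getfiledown.com/x",
    "2024-03-01T09:16:02Z src=10.1.4.31 dst=203.0.113.7 dport=443 host=getfiledown.com url=https://getfiledown.com/vgbskgyu",
    "2024-03-01T09:20:00Z src=10.1.4.50 dst=198.51.100.9 dport=443 host=comsnews.com",
    "2024-03-01T09:21:00Z src=10.1.4.50 dst=198.51.100.9 dport=5938 host=news.comsnews.com",
]

if __name__ == "__main__":
    hashes, endpoints, urls, names = parse_pulse(PULSE_TABLE)
    print(match_hash(hashes, "011478F93A06A229D2A2A65320571F5F"))
    for line, why in scan_connections(SAMPLE_LOG, endpoints, urls, names):
        print(why, "<-", line)
```

Two design choices are worth stating. Matching sockets as (host, port) pairs follows the pulse's own encoding and keeps noise down where an address is shared hosting, but an address that appears with several ports in the table (45.131.179.179 is listed on 22, 443 and 5938) is a dedicated C2 host and justifies an IP-only rule; the second sample line, to that host on port 80, deliberately does not fire under the stricter rule. `domain` rows are matched as suffixes while `hostname` rows are matched exactly, so the bare `comsnews.com` does not fire although `news.comsnews.com` does; that is the conservative reading of the two indicator types and should be revisited if the registrable domain turns out to be attacker-controlled rather than a compromised host.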