PULSE NAME
DragonOk
WHITE advin1180 2024-03-21 Modified: 2024-03-21
11 IOCs
MEDIUM VOLUME
Palo Alto Networks Unit 42 has identified a new type of backdoor malware deployed in a series of phishing attacks against Japanese high-tech and manufacturing firms, but the attackers have now added another tool to their toolkit.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
DragonOK, Sysget, HelloBridge, PlugX
Indicators of Compromise (11)