← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
DragonOk
WHITE advin1180 2024-03-21 Modified: 2024-03-21
11
IOCs
MEDIUM VOLUME
Palo Alto Networks Unit 42 has identified a new type of backdoor malware deployed in a series of phishing attacks against Japanese high-tech and manufacturing firms, but the attackers have now added another tool to their toolkit.
sysgetcrypthashdatamsiewindows ntcryptcreatehashcryptderivekeycalgmd5dragonokformerfirstratbinarydatanflogplugxwildfiremalwareratspoisonivynewctdatepythondownloadhellobridge
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
DragonOK Sysget HelloBridge PlugX
Indicators of Compromise (1 / 11 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 4523540f1504cd17100c4835e85b7eefd49911580f8efff0599a8f283be6b9e3 SHA256 of 70efdf2ec9b086079795c442636b55fb 2024-03-21
References (1)
↗ https://unit42.paloaltonetworks.com/unit-42-identifies-new-dragonok-backdoor-malware-deployed-against-japanese-targets/