PULSE NAME: IOC - PlushDaemon compromises network devices for adversary-in-the-middle attacks
WHITE celestre 2025-11-20 Modified: 2025-12-20
41 IOCs (MEDIUM VOLUME)
ESET researchers provide insights into how PlushDaemon performs adversary-in-the-middle attacks using a previously undocumented network implant that we have named EdgeStepper, which redirects all DNS queries to an external, malicious hijacking node, effectively rerouting the traffic from legitimate infrastructure used for software updates to attacker-controlled infrastructure.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
SlowStepper
Indicators of Compromise (19 / 41 total)