Pulse Detail — Threat Intelligence

PULSE NAME

PlushDaemon compromises network devices for adversary-in-the-middle attacks

WHITE Tr1sa111 2025-12-08 Modified: 2025-12-20

IOCs

MEDIUM VOLUME

↓ CSV ↓ JSON

MITRE ATT&CK & Malware Families

MALWARE FAMILIES

SlowStepper

Indicators of Compromise (41)

All URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://gitcode.net/LetMeGo22/caffe/raw/master/models/bvlc_mod	—	2025-12-08
FileHash-MD5	0ec84f5912b540618695397211189ebb	MD5 of ad4f0428fc9290791d550eeddf171aff046c4c2c	2025-12-08
FileHash-MD5	100bd14b76a5e570158811a6af448229	MD5 of 4b194770f6054c513b5a3821cb94feea58c09d3c	2025-12-08
FileHash-MD5	2ba80036b9554d9722e199e9d0065831	MD5 of 2db60f0adef14f4ab3573f8309e6fb135f67ed7d	2025-12-08
FileHash-MD5	3094bd501c2e4630d06f72453ec6d173	MD5 of b5a5da09114f1e8443daf13a799f2645c135b0bc	2025-12-08
FileHash-MD5	e2bc2361ead7c80eba86a5d1c492865d	MD5 of 068fd2d209c0bbb0c6fc14e88d63f92441163233	2025-12-08
FileHash-SHA1	00385604a792b8874238e9b0abc98a423135b2f4	—	2025-12-08
FileHash-SHA1	068fd2d209c0bbb0c6fc14e88d63f92441163233	—	2025-12-08
FileHash-SHA1	0fa9c4958fbd8513a41056938d5fbce6c63bbe03	—	2025-12-08
FileHash-SHA1	2db60f0adef14f4ab3573f8309e6fb135f67ed7d	—	2025-12-08
FileHash-SHA1	3c36574e7683a2c6382dc55345b7d1d544c1c1ef	—	2025-12-08
FileHash-SHA1	401571851a7cf71783a4cb902db81084f0a97f85	—	2025-12-08
FileHash-SHA1	4b194770f6054c513b5a3821cb94feea58c09d3c	—	2025-12-08
FileHash-SHA1	5977a9538627bf274c438fd04a6e20e1a5ba3a4a	—	2025-12-08
FileHash-SHA1	5a79aea546b04292c099137af4740a944f02963a	—	2025-12-08
FileHash-SHA1	6b6e16c6e4e5301be715642179b8e19e91f777a4	—	2025-12-08
FileHash-SHA1	846c025f696da1f6808b9101757c005109f3cf3d	—	2025-12-08
FileHash-SHA1	ad4f0428fc9290791d550eeddf171aff046c4c2c	—	2025-12-08
FileHash-SHA1	b5a5da09114f1e8443daf13a799f2645c135b0bc	—	2025-12-08
FileHash-SHA1	b5b5ab0074f81c02f27d263bc3723809be0d86a8	—	2025-12-08
FileHash-SHA1	c58d6ac9d0b2d4e1144490ccde581d9c34cbb38e	—	2025-12-08
FileHash-SHA1	d1eb4427bdb7f59a01fda60811708f07308f7987	—	2025-12-08
FileHash-SHA1	d22b0db144c1b42b1ce2a1741c83d845092fcc61	—	2025-12-08
FileHash-SHA1	eeb4a930ef2d4547b96f06ac6783b06e215c2f13	—	2025-12-08
FileHash-SHA1	eeda5d66285ff8e0baab8621994bf1d365188721	—	2025-12-08
FileHash-SHA256	062264c360b05c6b8a3598b8cd13c72e6cd3b9e34c4ae2c7fc272659599434c3	SHA256 of ad4f0428fc9290791d550eeddf171aff046c4c2c	2025-12-08
FileHash-SHA256	40df05b4f04ad093b31c9ca07a559be56a700e49f6051b5cb7462db5f85be8c3	SHA256 of 068fd2d209c0bbb0c6fc14e88d63f92441163233	2025-12-08
FileHash-SHA256	4dbd9530dd33ea1c133ebb462afd4feac677051db9453c721890fa7210480113	SHA256 of 4b194770f6054c513b5a3821cb94feea58c09d3c	2025-12-08
FileHash-SHA256	9c82ccddbf3d542a48c4950a82b4f5913c7be9c8e757ba5b78f6ed59979b7fa6	SHA256 of 2db60f0adef14f4ab3573f8309e6fb135f67ed7d	2025-12-08
FileHash-SHA256	c44bb3cdee68d40920b9e36f80b9a3361520f17d6e470a56bd08f8c5b9054b10	SHA256 of b5a5da09114f1e8443daf13a799f2645c135b0bc	2025-12-08
URL	https://gitcode.net/LetMeGo22/caffe/raw/master/models/finetune_flickr_to_python/glib	—	2025-12-08
URL	https://gitcode.net/LetMeGo22/caffe/raw/master/models/finetune_flickr_to_python/tmod	—	2025-12-08
domain	gitcode.net	—	2025-12-08
domain	rundll.org	—	2025-12-08
domain	win7py.org	—	2025-12-08
domain	winxppy.org	—	2025-12-08
hostname	7051.gsm.360safe.company	—	2025-12-08
hostname	agt.wcsset.com	—	2025-12-08
hostname	reverse.wcsset.com	—	2025-12-08
hostname	riskware.mimikatz.cv	—	2025-12-08
hostname	st.360safe.company	—	2025-12-08

References (1)

↗ https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/