PULSE NAME
PlugX : Mustang Panda APT
WHITE PetrP.73 2026-04-04 Modified: 2026-04-04
16 IOCs
MEDIUM VOLUME
Mustang Panda, a China-linked advanced persistent threat (APT) group, is known for its cyber espionage campaigns targeting government entities, diplomatic organizations, and NGOs. A centerpiece of their operations is the PlugX malware family, a modular remote access trojan that is tailored for each campaign, with varying configurations for command-and-control infrastructure, operational capabilities, and stealth features.
Indicators of Compromise (16)