PlugX Malware Being Distributed via Vulnerability Exploitation - ASEC BLOG
Common Information
Type Value
UUID 3dc21359-faba-4b50-b25a-390c2e4f0cdf
Fingerprint 65a4efdeebdcf6a9
Analysis status DONE
Considered CTI value 2
Text language
Published March 3, 2023, 5:20 p.m.
Added to db March 3, 2023, 10:21 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline PlugX Malware Being Distributed via Vulnerability Exploitation
Title PlugX Malware Being Distributed via Vulnerability Exploitation - ASEC BLOG
Detected Hints/Tags/Attributes 25/2/21
Attributes
Details Type #Events CTI Value
Details China National Vulnerability Database CNVD 8
CNVD-2022-10270
Details China National Vulnerability Database CNVD 8
CNVD-2022-03672
Details Domain 2
cdn.imango.ink
Details Domain 2
api.imango.ink
Details Domain 25
mdp.download
Details File 2
esetservice.exe
Details File 6
http_dll.dll
Details File 2
lang.dat
Details File 14
backdoor.pl
Details File 22
runonce.exe
Details File 269
msiexec.exe
Details File 2
clang.ai
Details File 2
ksys.ai
Details File 2
bin.pl
Details md5 2
709303e2cf9511139fbb950538bac769
Details md5 2
d1a06b95c1d7ceaa4dc4c8b85367d673
Details md5 2
d973223b0329118de57055177d78817b
Details Threat Actor Identifier - APT 78
APT3
Details Threat Actor Identifier - APT 522
APT41
Details Url 2
http://api.imango.ink:8089/http_dll.dll
Details Url 2
http://api.imango.ink:8089/esetservice.exe