PlugX Malware Being Distributed via Vulnerability Exploitation - ASEC BLOG
Common Information
Type Value
UUID c6d767ff-fc0a-4415-a834-d4c1e799f83f
Fingerprint a79cbbcdebf19589
Analysis status DONE
Considered CTI value 2
Text language
Published March 9, 2023, 9 a.m.
Added to db March 9, 2023, 2:56 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline PlugX Malware Being Distributed via Vulnerability Exploitation
Title PlugX Malware Being Distributed via Vulnerability Exploitation - ASEC BLOG
Detected Hints/Tags/Attributes 65/3/21
Attributes
Details Type #Events CTI Value
Details China National Vulnerability Database CNVD 8 CNVD-2022-10270
Details China National Vulnerability Database CNVD 8 CNVD-2022-03672
Details Domain 2 cdn.imango.ink
Details Domain 2 api.imango.ink
Details Domain 25 mdp.download
Details File 2 esetservice.exe
Details File 6 http_dll.dll
Details File 2 lang.dat
Details File 14 backdoor.pl
Details File 22 runonce.exe
Details File 269 msiexec.exe
Details File 2 clang.ai
Details File 2 ksys.ai
Details File 2 bin.pl
Details md5 2 709303e2cf9511139fbb950538bac769
Details md5 2 d1a06b95c1d7ceaa4dc4c8b85367d673
Details md5 2 d973223b0329118de57055177d78817b
Details Threat Actor Identifier - APT 78 APT3
Details Threat Actor Identifier - APT 522 APT41
Details Url 2 http://api.imango.ink:8089/http_dll.dll
Details Url 2 http://api.imango.ink:8089/esetservice.exe