ioc[.]one - OSINT Cyber Threat Intelligence Database

BRONZE PRESIDENT targets Russian speakers with updated PlugX - Blog

Tags

cmtmf-attack-pattern:	Masquerading
country:	Belarus China Hong Kong Latvia Lithuania Myanmar Poland Russia Vietnam Ukraine
attack-pattern:	Dll Search Order Hijacking - T1574.001 Dns - T1071.004 Dns - T1590.002 Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Server - T1583.004 Server - T1584.004 Software - T1592.002 Dll Search Order Hijacking - T1038 Masquerading - T1036 Masquerading

Show in Graph

Common Information

Type	Value
UUID	e41ada0d-0ca4-4de3-b5f4-25cafa5e24bf
Fingerprint	65dcb84be39cb699
Analysis status	DONE
Considered CTI value	2
Text language
Published	April 27, 2022, midnight
Added to db	Sept. 26, 2022, 9:34 a.m.
Last updated	Nov. 7, 2024, 10:57 a.m.
Headline	BRONZE PRESIDENT Targets Russian Speakers with Updated PlugX
Title	BRONZE PRESIDENT targets Russian speakers with updated PlugX - Blog
Detected Hints/Tags/Attributes	61/3/20

Source URLs

	Redirection	Url
Details	Source	https://www.secureworks.com/blog/bronze-president-targets-russian-speakers-with-updated-plugx

URL Provider

Details	Provider	Source level domain
Details	secureworks.com	www.secureworks.com

Attributes

Details	Type	#Events	Value
Details	Domain	2	zyber-i.com
Details	Domain	3	locvnpt.com
Details	File	2	отряд.exe
Details	File	3	detachment.exe
Details	File	29	report.pdf
Details	File	3	fontedl.exe
Details	File	3	docconvdll.dll
Details	File	2	fontlog.dat
Details	md5	1	b0a7b7a1cb4bf9a1de7f4b1af46ed956
Details	md5	1	69ab42012ddce428c73940dcf343910e
Details	md5	1	ad3ddb4cbe7ece8cb723f63f3b855b85
Details	sha1	1	937975e3ea50c15476aef050295f4031f5fda2a4
Details	sha1	2	698d1ade6defa07fb4e4c12a19ca309957fb9c40
Details	sha1	1	6856bb506a0858cc5597666d966b5b7499e38542
Details	sha1	1	ca622bdc2b66f0825890d36ec09e6a64e631638f
Details	IPv4	3	107.178.71.211
Details	IPv4	3	103.107.104.19
Details	IPv4	4	92.118.188.78
Details	Url	2	http://107.178.71.211/eu/docconvdll.dll
Details	Url	2	http://107.178.71.211/eu/fontlog.dat