PlugX APT Malware
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Msiexec - T1218.007 Server - T1583.004 Server - T1584.004 Windows Service - T1543.003 |
Common Information
| Type | Value |
|---|---|
| UUID | eaac7619-15b3-4be8-a98c-8f35ffa2ba6e |
| Fingerprint | 265c296d3fa20693 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 22, 2016, 6:59 p.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | NetWitness Community |
| Title | PlugX APT Malware |
| Detected Hints/Tags/Attributes | 40/2/32 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://community.rsa.com/thread/185439 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | jessler.memsanyber.net |
|
| Details | Domain | 1 | scqf.bacguarp.com |
|
| Details | Domain | 1 | vip.kavupdate.com |
|
| Details | Domain | 1 | msn.catalogipdate.com |
|
| Details | Domain | 1 | syesv.qpoe.com |
|
| Details | Domain | 1 | servers.youxi.xunlei.com |
|
| Details | Domain | 1 | gamestat.youxi.xunlei.com |
|
| Details | Domain | 1 | www.moi.gov |
|
| Details | File | 1 | %temp%\1.pdf |
|
| Details | File | 2 | %temp%\1.exe |
|
| Details | File | 1 | %allusersprofile%\sxsi\rc.exe |
|
| Details | File | 1 | %allusersprofile%\sxsi\rcdll.dll |
|
| Details | File | 18 | %windir%\system32\svchost.exe |
|
| Details | File | 6 | %windir%\system32\msiexec.exe |
|
| Details | File | 269 | msiexec.exe |
|
| Details | File | 1 | %allusersprofile%\sxsi\bug.log |
|
| Details | File | 1 | c:\documents and settings\all users\sxsi\rc.exe |
|
| Details | File | 1 | dlpacker_ver.txt |
|
| Details | File | 1 | moigov.exe |
|
| Details | md5 | 1 | b9501109bd94ac243f22aec5aca65ace |
|
| Details | sha1 | 1 | b2b2a14983b13f966b3bfeb2ba33c3dd64a69ded |
|
| Details | sha256 | 1 | a3c4cb110064086fd7491d9cf5ffd7552384916c92effca20c8b16dfc625f37b |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\ControlSet001\Services\SxSi\Start |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\ControlSet001\Services\SxSi\ImagePath |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\ControlSet001\Services\SxSi\DisplayName |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\ControlSet001\Services\SxSi\ObjectName |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\ControlSet001\Services\SxSi\Description |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\SxSi\Start |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\SxSi\ImagePath |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\SxSi\DisplayName |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\SxSi\ObjectName |
|
| Details | Windows Registry Key | 1 | HKLM\SYSTEM\CurrentControlSet\Services\SxSi\Description |