DragonRank, a Chinese-speaking SEO manipulator service provider

Sept. 12, 2024, 10:08 p.m.

Description

Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation.

Date

  • Created: Sept. 12, 2024, 9:27 p.m.
  • Published: Sept. 12, 2024, 9:27 p.m.
  • Modified: Sept. 12, 2024, 10:08 p.m.

Indicators


Attack Patterns

  • DragonRank
  • PlugX
  • T1069
  • T1136
  • T1189
  • T1555
  • T1505
  • T1021
  • T1176
  • T1016
  • T1070
  • T1082
  • T1057
  • T1105
  • T1102
  • T1055
  • T1036
  • T1098
  • T1033
  • T1553
  • T1560
  • T1566
  • T1090
  • T1003
  • T1059

Additional Information

  • Sports
  • Agriculture
  • Healthcare
  • Media
  • Transportation
  • Government
  • Manufacturing
  • Belgium
  • Netherlands