Back

DragonRank, a Chinese-speaking SEO manipulator service provider

Sept. 12, 2024, 10:08 p.m.

Tags

plugx
black
mimikatz
badpotato
metasploit
2024-09-12
illusion
dragonrank
plugx loader
badiis malware
c cd

External References

https://blog.talosintelligence.com/

https://otx.alienvault.com/

Description

Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation.

Date

Published Created Modified
Sept. 12, 2024, 9:27 p.m. Sept. 12, 2024, 9:27 p.m. Sept. 12, 2024, 10:08 p.m.

Indicators

ffa94d76d4423e43a42c7944c512e1a71827a89ad513d565f82eb8fe374ef74d

fd0dd6c05be458e18640db3eaaa9f6d259c1224f244110595b0a634fffacadf9

f3f95debb843d6faf41c6884e1e7541dcff5fe1c47014914d895aaad757e0159

cdc9f18de75991e7b289ab26b32dca9f4de6f95f88a6d3d32c87a111c4dc4d18

e9a9f3c7321d83e781c00eed712f9ecffc2024fd41ee1e45bc77d2ff8b1264d1

c8cfb43414cd425eede08a6267a0cdf3789175dfba95a903ee9dfa0ae2e94a8b

ad7773cb9e55e4c37bed2bb34a9e695c8965cc12c75b3da5e12f868fc1c78a52

b9faf82542bbaca124ef80f58ee55a866ee10481fa30419c89f112d7bb4a9815

b3aa822a7349d95c2210598b95fa8e85c1ce0f22acdf10611a31e3e82c84ed33

99ab43bf8a9934d01ba9ec6203c95e3c16e6c0dfc633538ab29795ba979b4adf

96d5f775fca96cfe092e94bd1b978be215fd3d52e0fe1cc15bc61d787c122c85

94b323eaf06ea503bf0157c575128e46083257b8ee71d4e5faa7ca4d38e50f8c

72fc4ba4d8e9a7b11fa0b76611e85b7aaf3558ac08dc8e9628fad48d72fb8190

875239000f22cff75f62f9a1aa9924a8c3fea72124b0c4b31c7b3814f9dc0601

74063aeff534b824ad3f505431e56875c1fd73dfd95be7972defaf0719120406

614920f1a8550070a983f2ad22d6358c6742a9e02802b025eeea8db8c3d41fb7

6430651ce3d7ab9771bdd2701d2ab953929ba8099d272f390bb263a136f8f815

6e5eb43b81f103e4926be92d6bef9048bfa042bddb95a1ad3245230df0e04d22

45f21f20af0482092cdcc9d00c0657f000fac3c31fc3aeebe78ee1a397b914b3

42e99d6292f5e32592769735fc7736855a4167a40243bde671af7d47cd59003d

3f17c66aab154212fb02fc7e329296c233aebe4abd9248204fa99c490c113a6e

373d95685d0fd184aa4d5e47f7b1eb1848badef4fc9db46415f858f37eb20eee

1749b814522ba5dc141b399ee8f04616d72bfdfdd8ab8ebab6c9d494a378cbfc

0ab7e992aa85a0e23d9a7ee1e3928eb2015c0733d7fb324bf8b0c0e3c65d500b

f748b210677a44597a724126a3d97173d97840b59d6deaf010c370657afc01f8

785d92dc175cb6b7889f07aa2a65d6c99e59dc1bbc9edb8f5827668fd249fa2e

046a03725df3104d02fa33c22e919cc73bed6fd6a905098e98c07f0f1b67fadb

154.23.179.133

202.162.108.48

www.yx52.pw

Attack Patterns

DragonRank

PlugX

T1069

T1136

T1189

T1555

T1505

T1021

T1176

T1016

T1070

T1082

T1057

T1105

T1102

T1055

T1036

T1098

T1033

T1553

T1560

T1566

T1090

T1003

T1059

Additional Informations

Sports

Agriculture

Healthcare

Media

Transportation

Government

Manufacturing

Belgium

Netherlands