Tag: plugx

10 Attack Reports | 0 Vulnerabilities

Attack reports

2024 Malicious Infrastructure Insights: Key Trends and Threats

The report highlights significant trends in malicious infrastructure for 2024, including the rise of malware-as-a-service infostealers, continued dominance of Cobalt Strike among offensive security tools, and increased use of legitimate services by threat actors. Key findings include LummaC2's domi…
lummac2
plugx
cobalt strike
asyncrat
cybercrime
infostealers
dcrat
latrodectus
botnets
mobile malware
malicious infrastructure
quasarrat
hook
gobrat
brute ratel c4
remote access trojans
2025-02-28
traffic distribution systems
mozi botnet
state-sponsored groups
command-and-control servers
solarmarker rat
offensive security tools
Published: February 28, 2025
Downloadable IOCs: 0

Updated Shadowpad Malware Leads to Ransomware Deployment

A recent investigation revealed Shadowpad malware being used to deploy a new ransomware family in Europe. The threat actor targeted 21 companies across 15 countries, primarily in the manufacturing sector. Access was gained through remote network attacks, exploiting weak passwords and bypassing mult…
ransomware
plugx
shadowpad
impacket
manufacturing
anti-debugging
2025-02-20
dns over https
multi-factor authentication bypass
remote network attacks
intellectual property theft
cqhashdumpv2
Published: February 20, 2025
Downloadable IOCs: 0

CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia

A sophisticated cyberespionage campaign targeting high-value entities in South Asia, particularly a telecommunications organization, has been identified. The threat actor, tracked as CL-STA-0048, employed rare techniques like 'Hex Staging' for payload delivery and DNS-based data exfiltration. The o…
apt
plugx
cobalt strike
south asia
2025-01-30
Published: January 30, 2025
Linked vulnerabilities : CVE-2025-0282 (CVSS 9.0), CVE-2025-0283 (CVSS 7.0)
Downloadable IOCs: 21

RedDelta: Chinese State-Sponsored Group Targets Mongolia, Taiwan, and Southeast Asia with Evolving Cyber Threats

Between July 2023 and December 2024, the Chinese state-sponsored group RedDelta targeted Mongolia, Taiwan, and Southeast Asian countries with an adapted infection chain to distribute its customized PlugX backdoor. The group used themed lure documents and evolved its tactics, transitioning from Wind…
spearphishing
plugx
html
microsoft azure
2025-01-09
cloudflare cdn
shortcut (lnk) file
Published: January 9, 2025
Downloadable IOCs: 259

DragonRank, a Chinese-speaking SEO manipulator service provider

Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation.
plugx
black
mimikatz
badpotato
metasploit
2024-09-12
illusion
dragonrank
plugx loader
badiis malware
c cd
Published: September 12, 2024
Downloadable IOCs: 35

Earth Preta Evolves its Attacks with New Malware and Strategies

Trend Micros discusses analysis of Earth Preta’s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign.
malware
plugx
persistence
execution
find
2024-09-10
winrar
earth preta
pubload
trojanspy
indonesia
hiupan
pullbait
fdmtp c
plugx c
pubload c
preta
fdmtp
Published: September 10, 2024
Downloadable IOCs: 41

Attack Case against HFS (HTTP File Server) Server (Suspected CVE-2024-23692)

A remote code execution vulnerability (CVE-2024-23692) in the HFS (HTTP File Server) program has allowed attackers to execute malicious commands on vulnerable systems. Various attack cases exploiting this vulnerability have been observed, leading to the installation of malware such as coin miners, …
backdoor
exploit
rat
xmrig
vulnerability
plugx
gh0strat
CVE-2024-23692
cobaltstrike
korplug
destroyrat
xenorat
2024-07-03
gothief
Published: July 3, 2024
Linked vulnerabilities : CVE-2024-23692 (CVSS 9.8)
Downloadable IOCs: 14

China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence

python
plugx
lsass
trojan
2024-06-18
sygnia
c server
shadowpad
wmiexec
virustotal
earthworm
impacket
f5 bigip
command
f5 appliance
svchost
velvet ant
wireshark
guard
protect
Published: June 18, 2024
Downloadable IOCs: 5

Operation ControlPlug: Targeted attack campaign using MSC files

An investigation revealed that the threat group DarkPeony, also known as Operation ControlPlug, employed a novel technique involving MSC (Microsoft Common Console Document) files to initiate their malicious activities. These files, generally unfamiliar, leveraged the Console Taskpad feature to exec…
malware
stealthy
apt
plugx
campaign
2024-06-06
korplug
kaba
tvt
destroyrat
thoper
sogu
Published: June 6, 2024
Downloadable IOCs: 14

Mallox ranomware affiliate leverages PureCrypter in MS-SQL exploitation campaigns

A team from security firm Sekoia has observed a series of attacks targeting vulnerable assets, including MS-SQL, and Mallox ransomware, using techniques similar to that of the PureCrypter ransomware.
powershell
plugx
ransom
mallox
purecrypter
2024-05-09
2024-05-14
bitcoin
trigona
mssql
mssql server
maestro
as208091
mallox raas
unsafe
shutdown
clr sqlshell
sqlshell
xollam
link http
2024-05-10
Published: May 14, 2024
Downloadable IOCs: 10
Click here to see more Attack Reports