PlugX IOC. Make regular backups of important and critical files.
PlugX IOC. 106:53. In December 2022, this group started targeting Europe with a new spearphishing campaign using a customized variant of the PlugX backdoor. Endpoint IOCs are imported through the console from OpenIOC-based files written to trigger on file properties such as name, size and hash, and on system properties such as process information. Jan 14, 2025 · U. Learn more about the Chinese APT group's new malware loader. It is known for its use in espionage and for a modular, plug-in style approach to malware development. May 9, 2018 · Following my previous article on PlugX, I would like to continue the analysis, but now using the PlugX controller to mimic some of the steps that might be executed by an attacker. Using tags, it is easy to navigate through the huge amount of IOCs in the ThreatFox corpus. Feb 15, 2022 · In this threat analysis, ShadowPad samples reveal clusters of activity linked to threat groups affiliated with the Chinese Ministry of State Security (MSS) civilian intelligence agency and the People's Liberation Army (PLA). 0(mcvsmap)(fking)ǰ()\shellcode\shellcode\XPlug. Database Entry This IOC expired. This IOC is an old IOC and hence has expired on 2025-09-18 01:15:01 UTC. 78:443. The page below gives you an overview on indicators of compromise associated with win. ioc Endpoint IOC and perform a scheduled or on-demand Endpoint IOC Flash Scan. 209:443. 107. Plugx IOC's README. This provides the ability to dynamically adjust C2 capabilities based on the requirements of the C2 operator. Jul 5, 2023 · An in-depth analysis of the evolving threat of the PlugX Trojan, with a focus on its increased targeting of European users and its recent detection in Italy. The Endpoint IOC provided checks for the presence of a service called 'VIRUSMAP'.
Implement EDR solutions to disrupt threat actor memory allocation techniques. Whilst collecting IoCs and connecting the dots, we asked ourselves: What threat actors are using ShadowPad in their operations? And ultimately, how does the emergence of ShadowPad impact the wider threat landscape from Chinese espionage actors? Apr 25, 2024 · Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed, in six months, more than 2.5 million connections from unique IP addresses. universal plugin framework for web application. This report is the analysis of a Remote Access Tool, usually named PlugX. In order to identify any further infections of PlugX within your enterprise, you can also upload the PlugXRunMethodDetected. Notable features of this malware family are the ability to execute commands on the affected machine to retrieve: machine Feb 13, 2025 · The PlugX plugins' compilation timestamps for this variant were identical to those in the Thor PlugX variant, documented by Palo Alto, which was linked to Fireant (aka Mustang Panda, Earth Preta), a China-based espionage group. Sogu/c is a full-featured, modular remote access tool (RAT) with many variants and widespread use, primarily by Chinese espionage threat actors. It is commonly attributed to Chinese APT groups, such as APT41 and Mustang Panda, due to its use in targeted attacks against government agencies, critical infrastructure, defense contractors, and other high-value targets. 8. ThreatFox IOC Database You are viewing the ThreatFox database entry for ip:port 155. It allows an attacker to obtain unauthorized access to a system, steal sensitive data, and use the compromised machine for malicious purposes.
Dec 11, 2020 · Foreword A few months ago, Bitdefender researchers started to investigate an extended operation that targeted victims from Myanmar and Thailand for what looked like cyber espionage and intelligence gathering. ThreatFox IOC Database You are viewing the ThreatFox database entry for ip:port 111. Apr 4, 2025 · Hunting Pandas with Validin. AS 135377: The JARM associated with the finding on this AS is the one we saw earlier, so I focused on other findings. Jan 15, 2025 · FBI's PlugX operation cleans over 4,250 infected computers, targeting malware spread by PRC-linked hackers. [1] [2] [3] [4] Aug 19, 2021 · Unlike the publicly-sold PlugX, ShadowPad is privately shared among a limited set of users. 9 Current version and history of PlugX A version string can be found in this binary: 1 d:\work\plug7. References can be found on the internet for previous versions of this malware family: Between July 2023 and December 2024, RedDelta, a Chinese state-sponsored group, targeted Mongolia, Taiwan, and Southeast Asia using advanced spearphishing campaigns with evolving infection chains and the PlugX backdoor. Database Entry Nov 4, 2024 · ThreatFox IOC Database You are viewing the ThreatFox database entry for ip:port 119. Mar 15, 2021 · ThreatFox Database Indicators of Compromise (IOCs) on ThreatFox are associated with a certain malware family. 138. 170:53. plugx. 112. Database Entry This IOC expired. This IOC is an old IOC and hence has expired on 2025-09-06 01:15:01 UTC. You can also get this data through the ThreatFox API. Secure RDP ports to prevent threat actors from abusing and leveraging RDP tools. The page below gives you an overview on IOCs that are tagged with PlugX. 113. Jan 26, 2017 · We confirmed a link between the IOCs (Indicators of Compromise) of the attacker group known as Menupass (APT10) and malware that impersonates real organizations and individuals to send targeted emails to domestic organizations, so we describe its characteristics here. Sep 17, 2024 · ThreatFox IOC Database You are viewing the ThreatFox database entry for ip:port 155.
Nov 7, 2024 · ThreatFox IOC Database You are viewing the ThreatFox database entry for ip:port 103. A malware sample can be associated with only one malware family. Aug 26, 2025 · PlugX IOC: 6a958d6293d4eb0a6ac5c6d51e4f724331e76443e6f5e71e71d1dc3c0412f6c2 (sha256_hash). False positive reports are handled by the Spamhaus Project. Jan 15, 2025 · Overview PlugX is a sophisticated Remote Access Trojan (RAT) that has been used in cyber-espionage campaigns since its discovery in 2008. 28. 78:5983. In case you provide your email address Jun 5, 2025 · ThreatFox IOC Database You are viewing the ThreatFox database entry for ip:port 38. Aug 23, 2022 · Every IOC can be associated with one or more tags. and international law enforcement agencies have removed the PlugX malware from thousands of computers worldwide. Discover the tactics, techniques, and procedures of APT groups leveraging this malware and access the associated Indicators of Compromise (IOCs). PlugX IOC: 7a3f2550b80f039f7b4914da93e3ad7d9555c7b9 (sha1_hash). False positive reports are handled by the Spamhaus Project. The Header Hash 74003aa800b6e7effc1c returns over 400 IPs and domains heavily associated with PlugX, RedDelta (Mustang Panda) and, more interestingly, APT41, indicating a potential overlap. 104. Both the infection chain and the various artefacts used in the cyberattack share multiple similarities with the SmugX campaign, attributed to the threat actors Red Delta and Mustang Panda, allegedly linked to the Chinese government. Once the device is infected, an attacker can remotely execute several kinds of commands on the affected system. Apr 27, 2017 · The PLUGX operator may dynamically add, remove, or update PLUGX plugins during runtime. * APT41 is known for conducting both state-sponsored espionage and Malicious traffic detection system. h This could mean PlugX, version 7. Database Entry 4. 238.
PlugX is a remote access tool (RAT) with modular plugins that has been used by multiple threat groups. TTPs overlap with the Amoeba malware family. [Figure: the timeline of malware families (shared or KCP protocol): PlugX, ShadowPad, KeyPlug, FunnySwitch, Pangolin8RAT, Crosswalk, from 2019/01 to 2022/01. Malware activity timeline based on sample compile timestamp; first observed date of attacking the gambling industry.] Database Entry This IOC expired. This IOC is an old IOC and hence has expired on 2025-06-09 01:15:01 UTC. CISCO ENDPOINT IOC ATTRIBUTES The Endpoint Indication of Compromise (IOC) feature is a powerful incident response tool for scanning for post-compromise indicators across multiple computers. 78:5000. S. Nov 6, 2023 · PlugX is one such example of a RAT that has been attributed to Chinese threat actors such as Mustang Panda since it first appeared in the wild back in 2008. 20:443. As you know, the traditional steps of an attack lifecycle normally follow a predictable sequence of events, i. May 5, 2023 · The Lab52 team has analysed a cyber campaign in which attackers deploy a new variant of the PlugX malware. The malware is modular, allowing In case you Jul 12, 2024 · The Blackfly espionage group, also known as APT41, Winnti Group, or Bronze Atlas, is a sophisticated threat actor group that has been active since at least 2010 and is one of the longest-known Chinese APT groups. We therefore refrain from exporting it into our datasets. Jan 16, 2025 · The FBI says it has removed PlugX malware from thousands of infected computers worldwide. Database Entry This IOC expired. This IOC is an old IOC and hence has expired on 2025-08-25 01:15:01 UTC. Prioritize remediating known exploited vulnerabilities. 203. This malware is used in targeted attacks against private organizations, governments, political organizations and individuals. 37:443.
The malware is primarily employed for spying on victims and can perform a variety of malicious activities, such as logging users' keystrokes and exfiltrating information from browsers. Sophos-originated indicators-of-compromise from published reports - sophoslabs/IoCs Feb 2, 2023 · EclecticIQ researchers continue to track a Chinese state-sponsored APT group called Mustang Panda. md PlugXioc / Plugx IOC's The move came after suspicion that cybercriminal groups under the control of the People's Republic of China (PRC) used a version of PlugX malware to control, and steal information from, victims' computers. Database Entry Jun 27, 2017 · Unit 42 examines the continued effectiveness of Paranoid PlugX malware. 60. As a result, this database entry is purely informational and has no impact. Nov 2, 2023 · AIQ's Adversary Research Team aptly kicked off this campaign by emulating Sogu, aka PlugX, one of the most prevalent malware tools to date. Jul 27, 2021 · We provide a technical overview of the previously unseen PlugX variant THOR, indicators of compromise and a new tool for payload decryption. Feb 24, 2023 · Meanwhile, PlugX is a well-known remote access trojan (RAT) that is used to gain remote access to and control over compromised machines. Nov 23, 2020 · Discover TA416's latest phishing activity analysis from Proofpoint. Sep 3, 2025 · PlugX is a remote access trojan that is used extensively by Chinese APTs. May 5, 2022 · PlugX implant: A RAT implant used extensively by Mustang Panda. RSA describes PlugX as a RAT (Remote Access Trojan) malware family that has been around since 2008 and is used as a backdoor to fully control the victim's machine. While not the most prevalent threat, the PlugX remote access trojan is attributed to espionage operators with ties to Chinese interests.
, reconnaissance, initial compromise, establish foothold, … Aug 1, 2024 · ShadowPad, widely considered the successor of PlugX, is a modular remote access trojan (RAT) only seen sold to Chinese hacking groups. Dec 6, 2023 · This blog helps security analysts, blue teamers, and Splunk customers to identify PlugX malware by enabling the community to discover the PlugX tactics, techniques and procedures being used by threat actors and adversaries. 0 codename fking, build for mcvsmap. Jan 27, 2025 · You are viewing the ThreatFox database entry for ip:port 216. It consists of a malicious DLL that can perform a variety of actions on the infected endpoint, including downloading and deploying new modules/plugins.