![#PlugX / #KorPlug Activity
File: DXSETUP.ZIP
abe098329cacc452714a6e8e632dcfdb
C2: 149.104.2[.]7:443
File: DSETUP.dll
02613d0cfa2863efeda0508b5118ebf9
File: DXSETUP.exe
11dd6e8ab9759d1ac91ffe0d0e4949cb
Persistence via SCH Task: "DXUpdate"
#APT #Malware #ioc](https://pbs.twimg.com/media/GwhGd-xWAAAjO5f.jpg "Cyber Team (@cyberteam008) on Twitter photo #PlugX / #KorPlug Activity
File: DXSETUP.ZIP
abe098329cacc452714a6e8e632dcfdb
C2: 149.104.2[.]7:443
File: DSETUP.dll
02613d0cfa2863efeda0508b5118ebf9
File: DXSETUP.exe
11dd6e8ab9759d1ac91ffe0d0e4949cb
Persistence via SCH Task: \"DXUpdate\"
#APT #Malware #ioc")
![#PlugX #RAT/ #KorPlug Trinity Sample
File: mm[.]zip (0-VT)
8a197d4fd4982a158b53944341b5ae35
C2: 103.56.18[.]101: {53 & 443}
File: arphaDump64.dll
24f470a75493bb99a2c957ba2f9f45ad
File: arphaCrashReport.exe
33f5251edb3fff756692087ecb8ddfdf
#Malware #ioc #MustangPanda #APT](https://pbs.twimg.com/media/GmScbDGaUAAmZ2-.jpg "Cyber Team (@cyberteam008) on Twitter photo #PlugX #RAT/ #KorPlug Trinity Sample
File: mm[.]zip (0-VT)
8a197d4fd4982a158b53944341b5ae35
C2: 103.56.18[.]101: {53 & 443}
File: arphaDump64.dll
24f470a75493bb99a2c957ba2f9f45ad
File: arphaCrashReport.exe
33f5251edb3fff756692087ecb8ddfdf
#Malware #ioc #MustangPanda #APT")
![#Plugx #RAT / #KorPlug Activity
File: Squadcloud.zip
93c358440e05d5faf54a1ce628364684
File: CoreFoundation.dll
5afe443ddabb1ade4e5bb4b0eb80894b
File: iTunesHelper.exe
6ce6784df5fc5b8550c44f90382c2cdd
POST C2: 43.230.9[.]230:53 / cisco.893yakuza[.]com
#Malware #ioc](https://pbs.twimg.com/media/GiR5jF_bIAAPh7P.jpg "Cyber Team (@cyberteam008) on Twitter photo #Plugx #RAT / #KorPlug Activity
File: Squadcloud.zip
93c358440e05d5faf54a1ce628364684
File: CoreFoundation.dll
5afe443ddabb1ade4e5bb4b0eb80894b
File: iTunesHelper.exe
6ce6784df5fc5b8550c44f90382c2cdd
POST C2: 43.230.9[.]230:53 / cisco.893yakuza[.]com
#Malware #ioc")
#China's #Korplug / #PlugX Targeting #Indonesian Govt. Intelligence agency National Cyber and Crypto Agency (Indonesian: Badan Siber dan Sandi Negara [BSSN], lit. 'State Cyber and Signal Agency'). Infra: bssn-gov[.]id 45.133.239[.]183 38.60.171[.]133 Mikhail Kasimov #Malware #ioc
MalwareHunterTeam Shadow Chaser Group Jazi #Korplug 45.133.239].21 ❇️bazaar.abuse.ch/browse/tag/45-…
![<a href="/malwrhunterteam/">MalwareHunterTeam</a> <a href="/ShadowChasing1/">Shadow Chaser Group</a> <a href="/h2jazi/">Jazi</a> #Korplug 45.133.239].21
❇️bazaar.abuse.ch/browse/tag/45-…](https://pbs.twimg.com/media/GWN3DipWYAA5LRk.jpg "JAMESWT (@jameswt_wt) on Twitter photo <a href=\"/malwrhunterteam/\">MalwareHunterTeam</a> <a href=\"/ShadowChasing1/\">Shadow Chaser Group</a> <a href=\"/h2jazi/\">Jazi</a> #Korplug 45.133.239].21
❇️bazaar.abuse.ch/browse/tag/45-…")
MalwareHunterTeam GlobalSign Szabolcs Schmidt Shadow Chaser Group Jazi Florian Roth ⚡️ 85.90.196[.]19 #KorPlug #MustangPanda #Plugx ❇️bazaar.abuse.ch/browse/tag/85-…
![<a href="/malwrhunterteam/">MalwareHunterTeam</a> <a href="/globalsign/">GlobalSign</a> <a href="/smica83/">Szabolcs Schmidt</a> <a href="/ShadowChasing1/">Shadow Chaser Group</a> <a href="/h2jazi/">Jazi</a> <a href="/cyb3rops/">Florian Roth ⚡️</a> 85.90.196[.]19
#KorPlug #MustangPanda #Plugx
❇️bazaar.abuse.ch/browse/tag/85-…](https://pbs.twimg.com/media/GVjDNlXWkAAPHTu.jpg "JAMESWT (@jameswt_wt) on Twitter photo <a href=\"/malwrhunterteam/\">MalwareHunterTeam</a> <a href=\"/globalsign/\">GlobalSign</a> <a href=\"/smica83/\">Szabolcs Schmidt</a> <a href=\"/ShadowChasing1/\">Shadow Chaser Group</a> <a href=\"/h2jazi/\">Jazi</a> <a href=\"/cyb3rops/\">Florian Roth ⚡️</a> 85.90.196[.]19
#KorPlug #MustangPanda #Plugx
❇️bazaar.abuse.ch/browse/tag/85-…")
El actor de amenazas vinculado a China conocido como Mustang Panda se ha dirigido a varios países asiáticos utilizando una variante de la puerta trasera #PlugX (también conocida como #Korplug) denominada #DOPLUGS. #2024 #Infosec #BT thehackernews.com/2024/02/mustan… brierandthorn.com/?utm_campaign=…
