February 21, 2024 at 08:15AM
Mustang Panda, a China-linked threat actor, has used a variant of the PlugX (also known as Korplug) backdoor called DOPLUGS to target countries in Asia, especially Taiwan and Vietnam. The group is known for well-crafted spear-phishing campaigns and has deployed customized PlugX variants such as RedDelta and DOPLUGS since at least 2018. It also fields plugins, among them the KillSomeOne module, for spreading malware via USB drives, collecting host information and stealing documents.
Key takeaways:
– The China-linked threat actor Mustang Panda has targeted various Asian countries using a variant of the PlugX backdoor called DOPLUGS.
– Targets of DOPLUGS have been primarily located in Taiwan and Vietnam, with lesser impacts in Hong Kong, India, Japan, Malaysia, Mongolia, and even China.
– Mustang Panda has a history of carrying out well-crafted spear-phishing campaigns and deploying customized PlugX variants since at least 2018, including RedDelta, Thor, Hodur, and DOPLUGS.
– Recent findings by Lab52 revealed a new variant of DOPLUGS written in the Nim programming language. Rather than calling the Windows Cryptographic API as earlier PlugX versions do, it carries its own implementation of the RC4 algorithm to decrypt the embedded PlugX payload.
– DOPLUGS is a downloader that supports only four backdoor commands, one of which fetches the full-featured PlugX backdoor. Some samples have been found integrated with a module known as KillSomeOne, responsible for spreading the malware via USB drives, collecting information, and stealing documents from them.
– The threat actor continues to refine its tools, adding new functionalities and features, and remains highly active, particularly in Europe and Asia.
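The Nim variant's use of a hand-rolled RC4 routine, rather than an operating-system crypto API, is the detail an analyst acts on: once the key material is recovered from the loader, the encrypted PlugX stage can be unpacked with an ordinary RC4 implementation and validated as a PE file. The following is an added example written for this page, not code from the article, Trend Micro, Lab52 or the malware itself. It implements standard RC4 (key scheduling plus keystream generation), a PE-header sanity check on the decrypted output, and a small candidate-key loop; the key, the candidate list and the "encrypted payload" are all constructed here for demonstration, since DOPLUGS' real key material and payload layout are not given on the page.

```python
"""Standard RC4 decryption of an embedded payload, with a PE sanity check.

Added example, not the malware's own routine. The key and the encrypted
sample at the bottom are constructed for this demonstration.
"""
from __future__ import annotations


def rc4_ksa(key: bytes) -> list[int]:
    """Key-scheduling algorithm: derive the 256-byte permutation S from the key."""
    if not key:
        raise ValueError("RC4 key must be non-empty")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_prga(s: list[int], length: int) -> bytes:
    """Pseudo-random generation algorithm: emit `length` keystream bytes from S."""
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """RC4 is symmetric: XOR with the keystream both encrypts and decrypts."""
    keystream = rc4_prga(rc4_ksa(key), len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


def looks_like_pe(blob: bytes) -> bool:
    """Sanity check on decrypted output: a dropped PlugX stage is a PE image,
    so expect 'MZ' at offset 0 and e_lfanew (offset 0x3C) pointing at 'PE\\0\\0'."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(blob[0x3C:0x40], "little")
    return e_lfanew + 4 <= len(blob) and blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def brute_force_key(ciphertext: bytes, candidates: list[bytes]) -> bytes | None:
    """Try candidate keys (for example strings carved out of the loader) and return
    the first one whose plaintext passes the PE check, or None if none does."""
    for key in candidates:
        if looks_like_pe(rc4_crypt(key, ciphertext)):
            return key
    return None


# Constructed sample: a minimal fake PE header stub encrypted under a constructed key.
FAKE_PE = bytearray(0x80)
FAKE_PE[0:2] = b"MZ"
FAKE_PE[0x3C:0x40] = (0x40).to_bytes(4, "little")
FAKE_PE[0x40:0x44] = b"PE\x00\x00"
SAMPLE_KEY = b"constructed-demo-key"           # assumption: not a real DOPLUGS key
SAMPLE_CIPHERTEXT = rc4_crypt(SAMPLE_KEY, bytes(FAKE_PE))

if __name__ == "__main__":
    recovered = brute_force_key(SAMPLE_CIPHERTEXT, [b"wrong", b"also-wrong", SAMPLE_KEY])
    print("recovered key:", recovered)
    print("decrypted payload is PE:", looks_like_pe(rc4_crypt(recovered, SAMPLE_CIPHERTEXT)))
```

Reimplementing RC4 instead of calling the Windows Cryptographic API removes the import-table and API-hook indicators that a WinAPI-based decryptor leaves behind, but it also gives defenders something else to match on: the 256-iteration swap loop of the key-scheduling step is a compact, recognizable pattern for code-similarity and YARA rules, and it is the same loop this example implements in `rc4_ksa`.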