| Category | Details |
|---|---|
| Threat Actors | PlugX worm (associated with Mustang Panda) |
| Campaign Overview | Disinfection of systems infected by the PlugX worm through a sinkhole operation, carried out in collaboration with 34 countries and supported by national CERTs and law enforcement agencies. |
| Target Regions | 34 countries, including France, with a specific focus on compromised IPs within those regions |
| Methodology | Sinkholing; remote disinfection using the malware's self-delete command and custom disinfection code; targeting of specific IP addresses or CIDR blocks |
| Product Targeted | Workstations infected with the PlugX worm |
| Malware Reference | PlugX worm (Mustang Panda) |
| Tools Used | Sinkhole, disinfection portal (API and graphical interface), self-delete command, disinfection payloads |
| Vulnerabilities Exploited | Propagation via USB flash drives; C2 communications |
| TTPs | Sinkholing, payload delivery for disinfection, collaboration with international authorities |
| Attribution | Mustang Panda (PlugX worm) |
| Recommendations | Sovereign disinfection processes; collaboration with national CERTs and LEAs; legal frameworks for disinfection campaigns |
| Source | Hackread |
Read full article: https://blog.sekoia.io/plugx-worm-disinfection-campaign-feedbacks/
The above summary has been generated by an AI language model