OP-512
Published 08/06/2026 10:23 · Modified 08/06/2026 10:23 · Source: AlienVault
Essential information
- Confidence: 100/100
- Published: 08/06/2026 10:23
- Modified: 08/06/2026 10:23
- Updated at: 08/06/2026 10:23
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 1 report, 19 attack patterns (MITRE), 11 malware, 7 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
- AlienVault threat-report · Confidence 100 · 19 MITRE attack patterns · 11 malware · 7 IOCs · 7 observables · 1 APT · Published 05/06/2026 20:07 · Modified 08/06/2026 08:23
Attack patterns (MITRE) (19)
- T1132.001 (uses): Standard Encoding
- T1140 (uses): Deobfuscate/Decode Files or Information
- T1134.002 (uses): Create Process with Token
- T1573.001 (uses): Symmetric Cryptography
- T1568.002 (uses): Domain Generation Algorithms
- T1505.003 (uses): Web Shell
- T1102.002 (uses): Bidirectional Communication
- T1071.001 (uses): Web Protocols
- T1059.003 (uses): Windows Command Shell
- T1033 (uses): System Owner/User Discovery
- T1548.002 (uses): Bypass User Account Control
- T1057 (uses): Process Discovery
- T1190 (uses): Exploit Public-Facing Application
- T1105 (uses): Ingress Tool Transfer
- T1132.002 (uses): Non-Standard Encoding
- T1070.006 (uses): Timestomp
- T1090.001 (uses): Internal Proxy
- T1071.004 (uses): DNS
- T1055.001 (uses): Dynamic-link Library Injection
Malware (11)
- Korplug (uses) · Source: The MITRE Corporation · Confidence 100
  [PlugX](https://attack.mitre.org/software/S0013) is a remote access tool (RAT) with modular plugins that has been used by multiple threat groups.(Citation: Lastline PlugX Analysis)(Citation: FireEye Clandestine Fox Part 2)(Citation: New DragonOK)(Citation: …
  First seen 01/01/1970 · Last seen 16/11/5138 · Published 31/05/2017 23:32 · Modified 08/06/2026 10:23
- BadPotato (uses) · Family · Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
- Meterpreter (uses) · Family · Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
- AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 20/12/2025 19:39 · Modified 27/05/2026 21:40
- Gamshen (uses) · Family · Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
- PlugX - S0013 (uses) · Family · Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
- SweetPotato (uses) · Family · Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
- EfsPotato (uses) · Source: AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 08/06/2026 10:23 · Modified 08/06/2026 10:23
- Rungan (uses) · Family · Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
- BadIIS (uses) · Family · Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
- GhostKit (uses) · Family · Published 05/06/2026 18:07 · Modified 05/06/2026 18:07
Indicators (7)