Hodur

Malware updated 4 months ago (2024-05-05T09:17:28.754Z)

Download STIX

Preview STIX

Hodur is a sophisticated malware variant of Korplug (also known as PlugX), often deployed by China-aligned threat actors, such as the Mustang Panda group. The malware is designed to exploit and damage computer systems, typically infiltrating through suspicious downloads, emails, or websites. Once inside a system, Hodur can steal personal information, disrupt operations, or even hold data hostage for ransom. This malicious software has been found to transition from another malware type called DOPLUGS, indicating an evolution in its deployment strategy. In December 2022, cybersecurity firm Avast disclosed a series of attacks targeting government agencies and political NGOs in Myanmar. The attackers used Hodur and a Google Drive uploader utility to exfiltrate sensitive data, including email dumps, files, court hearings, interrogation reports, and meeting transcripts. This marked a significant escalation in the use of Hodur, demonstrating its capability to facilitate large-scale, targeted data breaches. A distinguishing feature of the Hodur variant is its dual-category command and control (C&C) servers. One server functions as a regular C&C server, receiving backdoor commands, while the second is designed to download payloads for process injection in svchost.exe. This dual-server structure enhances the malware's communication capabilities, making it more versatile and potent. The KillSomeOne + Hodur variant serves as a notable example of this advanced functionality.

Description last updated: 2024-05-05T08:48:59.977Z

What's your take? (Question 1 of 0)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
PlugX	2	PlugX is a notorious malware known for its harmful capabilities and stealthy operations. Often used by the Winnti group, it has been linked to various cyber-attacks, leveraging DLL side-loading to remain undetected. This technique allows it to infiltrate systems without raising alarms, making it an

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Hodur Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	Operation Jacana: They’re taking the hobbits to Guyana
CERT-EU	2 years ago	Chinese Hackers Targeting European Entities with New MQsTTang Backdoor
Trend Micro	7 months ago	Earth Preta Campaign Uses DOPLUGS to Target Asia
CERT-EU	2 years ago	Chinese Hackers Targeting European Entities with New MQsTTang Backdoor \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker - National Cyber Security Consulting