Hodur

Malware updated 8 days ago (2024-11-29T14:02:55.250Z)
Download STIX
Preview STIX
Hodur is a sophisticated malware variant of Korplug (also known as PlugX), often deployed by China-aligned threat actors, such as the Mustang Panda group. The malware is designed to exploit and damage computer systems, typically infiltrating through suspicious downloads, emails, or websites. Once inside a system, Hodur can steal personal information, disrupt operations, or even hold data hostage for ransom. This malicious software has been found to transition from another malware type called DOPLUGS, indicating an evolution in its deployment strategy. In December 2022, cybersecurity firm Avast disclosed a series of attacks targeting government agencies and political NGOs in Myanmar. The attackers used Hodur and a Google Drive uploader utility to exfiltrate sensitive data, including email dumps, files, court hearings, interrogation reports, and meeting transcripts. This marked a significant escalation in the use of Hodur, demonstrating its capability to facilitate large-scale, targeted data breaches. A distinguishing feature of the Hodur variant is its dual-category command and control (C&C) servers. One server functions as a regular C&C server, receiving backdoor commands, while the second is designed to download payloads for process injection in svchost.exe. This dual-server structure enhances the malware's communication capabilities, making it more versatile and potent. The KillSomeOne + Hodur variant serves as a notable example of this advanced functionality.
Description last updated: 2024-05-05T08:48:59.977Z
What's your take? (Question 1 of 0)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
PlugX is a possible alias for Hodur. PlugX is a Remote Access Trojan (RAT) malware known for its stealthy operations and destructive capabilities. It is often used by threat actors to exploit and damage computer systems, steal personal information, disrupt operations, or hold data hostage for ransom. Its deployment has been linked to s
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Hodur Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more