Sogu

Malware updated 4 months ago (2024-05-04T18:19:03.817Z)
SOGU is malware attributed to TEMP.Hex, a threat actor linked to China. Like other malware of its kind, it infiltrates systems through suspicious downloads, emails, or websites, and once inside can steal personal information, disrupt operations, or hold data hostage for ransom. SOGU has been associated with a range of other malware families, including SHOTPUT, COOKIECUTTER, PANDORA, ZXSHELL, GHOST, WIDEBERTH, QUICKPULSE, FLOWERPOT, TEMPFUN, Gh0st, TRAVELNET, HOMEUNIX, and ZEROTWO.

The primary infection vector of SOGU is an infected USB drive. It is also delivered through phishing emails as an initial compromise method. These emails, often generic in nature and appearing to be spam, are used by APT3, another threat actor. APT27 and APT21, by contrast, rely on spear phishing for initial compromise, using email messages with malicious attachments, links to malicious files, or web pages. SOGU loaders have been identified in several instances (#9214, #9215) being delivered via email as compressed attachments.

In terms of technical execution, the SOGU loader is written to disk (#9210), then moves into a pre-execution phase (#9211). It is then transferred over HTTP/S (#9212, #9213). SafeBreach provides coverage of the SOGU malware, offering insights into its operation and potential countermeasures. Understanding this malware and its attack vectors is crucial in developing effective defenses and response strategies.
Description last updated: 2024-05-04T17:43:12.346Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID: Korplug
Votes: 3
Profile Description: Korplug, also known as PlugX, is a type of malware developed and utilized by the China-aligned Advanced Persistent Threat (APT) group, Mustang Panda. This malicious software is designed to infiltrate computer systems without detection, often through suspicious downloads, emails, or websites. Once in
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Backdoor
Loader
Payload
Mandiant
Espionage
Analyst Notes & Discussion
Source Document References
Information about the Sogu malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 10 months ago | NoEscape Ransomware, AvosLocker Ransomware, Retch Ransomware, S-H-O Ransomware and More: Hacker's Playbook Threat Coverage Round-up: October 31st, 2023
MITRE | 2 years ago | Threat Spotlight: Group 72
BankInfoSecurity | a year ago | Breach Roundup: IT Worker Sentenced for Impersonation
DARKReading | a year ago | Sogu, SnowyDrive Malware Spreads, USB-Based Cyberattacks Surge
CERT-EU | a year ago | The Shocking Data on Kia and Hyundai Thefts in the US
CERT-EU | a year ago | My Tea's not cold : an overview of China's cyber threat – Global Security Mag Online
MITRE | 2 years ago | Advanced Persistent Threats (APTs) | Threat Actors & Groups
CERT-EU | a year ago | Cyber Security Today, July 17, 2023 – USB-based attacks rising, attacks on AWS increasing and more | IT World Canada News
CERT-EU | a year ago | Sharp Increase in Malware Attacks via USB Flash Drives | IT Security News
CERT-EU | a year ago | Hackers Leverage USB Flash Drives to Attack Public and Private Sectors Globally
CERT-EU | a year ago | Malicious USB Drives Targeting Global Targets with SOGU and SNOWYDRIVE Malware | IT Security News
MITRE | 2 years ago | APT10 MenuPass Group | Global Targeting Using New Tools