ioc · ipv4

45[.]142[.]166[.]112

CN · China
Mustang Panda
confidence · high

PlugX USB-worm command-and-control IP attributed to Mustang Panda. Sinkholed by Sekoia in September 2023 (the address had lapsed and was re-registered for USD 7). This is the same C2 the FBI/DOJ used for the court-authorized self-delete operation that cleaned ~4,258 U.S. hosts (announced Jan 2025).

family: PlugX
first seen: Aug 31, 2023
publisher: Sekoia.io
source citation