IOC pivotioc · sha-256
85ca20eeec3400c68a62639a01928a5dab824d2eadf589e5cbfe5a2bc41d9654
CN · ChinaMustang Pandaconfidence · high
SHA-256 of `AvastSvc.exe`, the legitimate Avast binary abused for DLL side-loading by the Mustang Panda PlugX USB worm. Listed alongside the malicious DLL in the Sophos IOC table; drops the side-load triad into `%userprofile%/AvastSvcpCP/`.
- family
- PlugX
- first seen
- Mar 8, 2023
- publisher
- Sophos X-Ops