PlushDaemon

Also known as: EdgeStepper
Reports: 3
First seen: Nov 6
Last seen: Dec 2
Motivation: espionage, geopolitical objectives

Top ATT&CK techniques

T1557 Adversary-in-the-Middle ×2
T1190 Exploit Public-Facing Application ×2
T1486 Data Encrypted for Impact ×2
T1561 Disk Wipe ×2
T1566 Phishing ×2
T1573 Encrypted Channel ×1
T1583.002 Acquire Infrastructure: DNS Server ×1
T1598 Phishing for Information ×1
T1505.003 Web Shell ×1
T1005 Data from Local System ×1
T1106 Native API ×1
T1056.004 Keylogging ×1

Indicators

domain ×5
cve ×4
filename ×3
ip_v4 ×2
url ×1


This page shows data on a 7-day delay.