Analysis of a PlugX malware variant used for targeted attacks
Revision as of 12:58, 31 July 2015 by Eric.freyssinet (talk | contribs) (Text replacement - "/ www." to "/ |Site=www.")
(Publication) Google search: [1]
| Analysis of a PlugX malware variant used for targeted attacks | |
|---|---|
| Botnet | PlugX |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2013 / 2013-03-28 |
| Editor/Conference | CIRCL |
| Link | http://www.circl.lu/pub/tr-12/ (Archive copy) |
| Author | CIRCL |
| Type | White paper |
Abstract
“ This report is the analysis of a Remote Access Tool (RAT) which is usually named PlugX (also known as Gulpix, Korplug). This malware is often used in targeted attacks against private organizations, governments, political organization and even some individuals. This PlugX variant is interesting on several aspects like the use of a perfectly valid signed binary in order to perform its attack. It also features mechanisms in order to defeat protection like Windows UAC (User Account Control). The purpose of the analysis is to improve the detection at the potential victims site but review the security measures in place within other organization to limit the impact of such targeted attack.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2013BFR1335,
editor = {CIRCL},
author = {CIRCL},
title = {Analysis of a PlugX malware variant used for targeted attacks},
date = {28},
month = Mar,
year = {2013},
howpublished = {\url{http://www.circl.lu/pub/tr-12/}},
}