Difference between revisions of "PlugX: new tool for a not so new campaign"
m (1 revision imported) |
m (Text replacement - " blog.trendmicro.com" to "") |
||
Line 1: | Line 1: | ||
{{Publication | {{Publication | ||
|Link=http://blog.trendmicro.com/plugx-new-tool-for-a-not-so-new-campaign/ | |Link=http://blog.trendmicro.com/plugx-new-tool-for-a-not-so-new-campaign/ | ||
|Author=Roland Dela Paz | |Author=Roland Dela Paz | ||
|NomRevue=TrendLabs Malware Blog | |NomRevue=TrendLabs Malware Blog |
Latest revision as of 22:13, 5 August 2015
PlugX: new tool for a not so new campaign | |
---|---|
Botnet | PlugX |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 2012-09-10 |
Editor/Conference | Trend Micro |
Link | http://blog.trendmicro.com/plugx-new-tool-for-a-not-so-new-campaign/ (Archive copy) |
Author | Roland Dela Paz |
Type |
Abstract
“Earlier this year, a new breed of Remote Access Tool (RAT) called Plugx (also known as Korplug) surfaced in the wild. PlugX, reportedly used on limited targeted attacks, is an example of custom-made RATs developed specifically for such attacks.
The idea behind using this new tool is simple: less recognition and more elusiveness from security researchers. However, this does not mean that this attack is new. Our monitoring reveals that PlugX is part of a campaign that has been around since (at least) February 2008.”
Bibtex
@misc{2012BFR1163,
  editor = {Trend Micro},
  author = {Roland Dela Paz},
  title = {PlugX: new tool for a not so new campaign},
  date = {10},
  month = Sep,
  year = {2012},
  howpublished = {\url{http://blog.trendmicro.com/plugx-new-tool-for-a-not-so-new-campaign/}},
}