Difference between revisions of "PlugX: some uncovered points"
Jump to navigation
Jump to search
m (1 revision imported) |
Revision as of 16:30, 7 February 2015
(Publication) Google search: [1]
| PlugX: some uncovered points | |
|---|---|
| Botnet | PlugX |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2014 / 2014-01-06 |
| Editor/Conference | Cassidian Cybersecurity |
| Link | http://blog.cassidiancybersecurity.com/2014/01/plugx-some-uncovered-points.html blog.cassidiancybersecurity.com (blog.cassidiancybersecurity.com Archive copy) |
| Author | Fabien Perigaud |
| Type | Blogpost |
Abstract
“ PlugX (or Korplug, or Gulpix) is a well-known RAT involved in many APT cases. Some excellent write-ups about this malware have already been published by the CIRCL, Sophos and AlienVault.
Since we met it on an incident response case back in 2012, we followed its evolution to improve our knowledge, rules and tools. We're planning to release details about this malware in a small serie of blog posts, to cover some points which have not been published yet.
This first post will cover some internals of the original PlugX malware and we'll deal with its evolution in the next one.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2014BFR1371,
editor = {Cassidian Cybersecurity},
author = {Fabien Perigaud},
title = {PlugX: some uncovered points},
date = {06},
month = Jan,
year = {2014},
howpublished = {\url{http://blog.cassidiancybersecurity.com/2014/01/plugx-some-uncovered-points.html blog.cassidiancybersecurity.com}},
}