Tracking down the author of the PlugX RAT
Revision as of 20:00, 14 September 2012 by Eric.freyssinet (talk | contribs)
(Publication) Google search: [1]
| Tracking down the author of the PlugX RAT | |
|---|---|
| Botnet | PlugX |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / 13 septembre 2012 |
| Editor/Conference | Alienvault |
| Link | http://labs.alienvault.com/labs/index.php/2012/tracking-down-the-author-of-the-plugx-rat/ labs.alienvault.com (labs.alienvault.com Archive copy) |
| Author | Jaime Blasco |
| Type | |
Abstract
“ Some days ago, TrendMicro published some information about a new version of a RAT called PlugX. From the last few months we have been tracking a group using the PlugX RAT that has been attacking different targets especially in Japan, Taiwan, Korea and against Tibetan organizations and individuals.
In this post we will focus on the intelligence we have extracted from the payloads of the attacks and how we used this information to track the author of the RAT that is very likely to be involved in the attacks as well.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1162,
editor = {Alienvault},
author = {Jaime Blasco},
title = {Tracking down the author of the PlugX RAT},
date = {Error: Invalid time.},
month = Error: Invalid time.,
year = {2012},
howpublished = {\url{http://labs.alienvault.com/labs/index.php/2012/tracking-down-the-author-of-the-plugx-rat/ labs.alienvault.com}},
}