Analysis of a PlugX malware variant used for targeted attacks

From Botnets.fr
Jump to: navigation, search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Analysis of a PlugX malware variant used for targeted attacks
Botnet PlugX
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2013 / 2013-03-28
Editor/Conference CIRCL
Link http://www.circl.lu/pub/tr-12/ (Archive copy)
Author CIRCL
Type White paper

Abstract

This report is the analysis of a Remote Access Tool (RAT) which is usually named PlugX (also known as Gulpix, Korplug). This malware is often used in targeted attacks against private organizations, governments, political organization and even some individuals. This PlugX variant is interesting on several aspects like the use of a perfectly valid signed binary in order to perform its attack. It also features mechanisms in order to defeat protection like Windows UAC (User Account Control). The purpose of the analysis is to improve the detection at the potential victims site but review the security measures in place within other organization to limit the impact of such targeted attack.

Bibtex

 @misc{CIRCL2013BFR1335,
   editor = {CIRCL},
   author = {CIRCL},
   title = {Analysis of a PlugX malware variant used for targeted attacks},
   date = {28},
   month = Mar,
   year = {2013},
   howpublished = {\url{http://www.circl.lu/pub/tr-12/}},
 }