PlugX: some uncovered points
| Field | Value |
|---|---|
| Botnet | PlugX |
| Date | 2014 / 2014-01-06 |
| Editor/Conference | Cassidian Cybersecurity |
| Link | http://blog.cassidiancybersecurity.com/2014/01/plugx-some-uncovered-points.html (Archive copy) |
| Author | Fabien Perigaud |
| Type | Blogpost |
Abstract

“PlugX (or Korplug, or Gulpix) is a well-known RAT involved in many APT cases. Some excellent write-ups about this malware have already been published by the CIRCL, Sophos and AlienVault.

Since we met it on an incident response case back in 2012, we followed its evolution to improve our knowledge, rules and tools. We're planning to release details about this malware in a small series of blog posts, to cover some points which have not been published yet.

This first post will cover some internals of the original PlugX malware and we'll deal with its evolution in the next one.”
Bibtex

@misc{2014BFR1371,
  editor = {Cassidian Cybersecurity},
  author = {Fabien Perigaud},
  title = {PlugX: some uncovered points},
  date = {06},
  month = Jan,
  year = {2014},
  howpublished = {\url{http://blog.cassidiancybersecurity.com/2014/01/plugx-some-uncovered-points.html}},
}