PlugX malware: A good hacker is an apologetic hacker
| Field | Value |
|---|---|
| Botnet | PlugX |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2016 / 2016-03-10 |
| Editor/Conference | Kaspersky Securelist |
| Link | https://securelist.com/blog/virus-watch/74150/plugx-malware-a-good-hacker-is-an-apologetic-hacker/ |
| Author | Dmitry Tarakanov |
| Type | Blogpost |
Abstract
“Our first research into PlugX was published in 2012 – since then this remote access tool (RAT) has become a well-known instrument used in a series of attacks all over the globe targeting multiple industry verticals. PlugX has been detected in targeted attacks not only against military, government or political organizations but also against more or less ordinary companies. In 2013, we discovered that the Winnti group responsible for attacking companies in the online gaming industry has been using the PlugX remote administration tool since at least May 2012.
This time, looking through some anomalous PlugX samples, we stumbled upon one specimen that had an RC4 encoded resource inside. Actually, it turned out to be a test sample with dummy settings. Luckily, it was quite easy to find the initial builder that generates such samples.”
Bibtex
@misc{2016BFR4819,
  editor = {Kaspersky Securelist},
  author = {Dmitry Tarakanov},
  title = {PlugX malware: A good hacker is an apologetic hacker},
  date = {10},
  month = Mar,
  year = {2016},
  howpublished = {\url{https://securelist.com/blog/virus-watch/74150/plugx-malware-a-good-hacker-is-an-apologetic-hacker/}},
}