PlugX malware: A good hacker is an apologetic hacker

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

PlugX malware: A good hacker is an apologetic hacker
Botnet PlugX
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2016 / 2016-03-10
Editor/Conference Kaspersky Securelist
Link https://securelist.com/blog/virus-watch/74150/plugx-malware-a-good-hacker-is-an-apologetic-hacker/ (Archive copy)
Author Dmitry Tarakanov
Type Blogpost

Abstract

Our first research into PlugX was published in 2012 – since then this remote access tool (RAT) has become a well-known instrument used in a series of attacks all over the globe targeting multiple industry verticals. PlugX has been detected in targeted attacks not only against military, government or political organizations but also against more or less ordinary companies. In 2013, we discovered that the Winnti group responsible for attacking companies in the online gaming industry has been using the PlugX remote administration tool since at least May 2012.

This time, looking through some anomalous PlugX samples, we stumbled upon one specimen that had an RC4 encoded resource inside. Actually, it turned out to be a test sample with dummy settings. Luckily, it was quite easy to find the initial builder that generates such samples.

Bibtex

 @misc{Tarakanov2016BFR4819,
   editor = {Kaspersky Securelist},
   author = {Dmitry Tarakanov},
   title = {PlugX malware: A good hacker is an apologetic hacker},
   date = {10},
   month = Mar,
   year = {2016},
   howpublished = {\url{https://securelist.com/blog/virus-watch/74150/plugx-malware-a-good-hacker-is-an-apologetic-hacker/}},
 }