PlugX
Description
(US-CERT) PlugX is a sophisticated Remote Access Tool (RAT) operating since approximately 2012. Although there are now many variants of this RAT in existence, there are still characteristics common to most of them.
Names
| Name |
|---|
| PlugX |
| Destroy RAT |
| DestroyRAT |
| Korplug |
| Sogu |
| Kaba |
| Xamtrav |
| Agent.dhwf |
| RedDelta |
| TIGERPLUG |
| Thoper |
| TVT |
Category
Malware
Type
- Reconnaissance
- Backdoor
- Keylogger
- Info stealer
- Exfiltration
Information
- https://www.us-cert.gov/ncas/alerts/TA17-117A
- https://threatrecon.nshc.net/2019/03/19/sectorm04-targeting-singapore-custom-malware-analysis/
- http://blog.jpcert.or.jp/2015/01/analysis-of-a-r-ff05.html
- http://blog.jpcert.or.jp/2017/02/plugx-poison-iv-919a.html
- http://blog.jpcert.or.jp/.s/2017/04/redleaves---malware-based-on-open-source-rat.html
- https://countuponsecurity.com/2018/02/04/malware-analysis-plugx/
- https://circl.lu/assets/files/tr-12/tr-12-circl-plugx-analysis-v1.pdf
- https://www.rsa.com/content/dam/pdfs/2-2017/kingslayer-a-supply-chain-attack.pdf
- https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf
- http://blog.airbuscybersecurity.com/post/2014/01/plugx-some-uncovered-points.html
- https://community.rsa.com/thread/185439
- https://researchcenter.paloaltonetworks.com/2017/06/unit42-paranoid-plugx/
- https://www.lac.co.jp/lacwatch/people/20171218_001445.html
- https://countuponsecurity.com/2018/05/09/malware-analysis-plugx-part-2/
- https://securelist.com/time-of-death-connected-medicine/84315/
- https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/01/ASERT-Threat-Intelligence-Brief-2015-08-Uncovering-the-Seven-Point-Dagger.pdf
- https://blog.malwarebytes.com/threat-analysis/2016/08/unpacking-the-spyware-disguised-as-antivirus/
- https://www.sophos.com/en-us/medialibrary/pdfs/technical%20papers/plugx-thenextgeneration.pdf
- https://www.cybereason.com/blog/threat-analysis-report-plugx-rat-loader-evolution
- https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/
- https://asec.ahnlab.com/en/49097/
- https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/
- https://www.bleepingcomputer.com/news/security/french-police-push-plugx-malware-self-destruct-payload-to-clean-pcs/
- https://www.bleepingcomputer.com/news/security/fbi-deletes-chinese-plugx-malware-from-thousands-of-us-computers/
Mitre Attack
Malpedia
Alienvault Otx
Playbook
Other Information
Uuid
20865c5a-3bb0-413b-b59b-9a994303a9c9
Last Card Change
2025-02-22