PlugX
Also known as: Destroy RAT, Kaba, Korplug, RedDelta, Sogu, TIGERPLUG
RSA describes PlugX as a RAT (Remote Access Trojan) malware family that has been around since 2008 and is used as a backdoor giving an attacker full control of the victim's machine. Once a device is infected, the attacker can remotely execute a range of commands on the affected system.
Notable features of this malware family are the commands it can execute on the affected machine to:
retrieve machine information
capture the screen
send keyboard and mouse events
log keystrokes
reboot the system
manage processes (create, kill and enumerate)
manage services (create, start, stop, etc.); and
manage Windows registry entries, open a shell, etc.
The malware also logs its events in a text log file.
Linked Threat Actors
C2 Infrastructure
Last 7 days
No activity observed in the last 7 days.
Further Reading
LuckyMouse, TA428, HyperBro, Tmanger and ShadowPad linked in the Mongolian supply-chain attack Operation StealthyTrident.
ESET Research shows that at least 10 APT groups are exploiting the recent Microsoft Exchange vulnerabilities to compromise email servers across the world.
ESET research uncovers Hodur, a new variant of Korplug malware that is being spread by Mustang Panda and uses phishing lures referencing the war in Ukraine.
ESET has discovered and analyzed Hodur, a Korplug variant spread by Mustang Panda whose phishing lures reference the invasion of Ukraine.
EXCLUSIVE: Spear-phishing operation targets members of the Hong Kong Catholic Church.