PlugX: new tool for a not so new campaign
Jump to navigation
Jump to search
(Publication) Google search: [1]
PlugX: new tool for a not so new campaign | |
---|---|
Botnet | PlugX |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 2012-09-10 |
Editor/Conference | Trend Micro |
Link | http://blog.trendmicro.com/plugx-new-tool-for-a-not-so-new-campaign/ (Archive copy) |
Author | Roland Dela Paz |
Type |
Abstract
“ Earlier this year, a new breed of Remote Access Tool (RAT) called Plugx (also known as Korplug) surfaced in the wild. PlugX, reportedly used on limited targeted attacks, is an example of custom-made RATs developed specifically for such attacks.
The idea behind using this new tool is simple: less recognition and more elusiveness from security researchers. However, this does not mean that this attack is new. Our monitoring reveals that PlugX is part of a campaign that has been around since (at least) February 2008.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1163, editor = {Trend Micro}, author = {Roland Dela Paz}, title = {PlugX: new tool for a not so new campaign}, date = {10}, month = Sep, year = {2012}, howpublished = {\url{http://blog.trendmicro.com/plugx-new-tool-for-a-not-so-new-campaign/}}, }