| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Actor(s): APT 22, APT 26, APT31, APT41, Aurora Panda, Calypso group, DragonOK, Emissary Panda, Hellsing, Hurricane Panda, Leviathan, Mirage, Mustang Panda, NetTraveler, Nightshade Panda, Samurai Panda, Stone Panda, UPS, Violin Panda
RSA describes PlugX as a RAT (Remote Access Trojan) malware family that is around since 2008 and is used as a backdoor to control the victim's machine fully. Once the device is infected, an attacker can remotely execute several kinds of commands on the affected system.
Notable features of this malware family are the ability to execute commands on the affected machine to retrieve:
machine information
capture the screen
send keyboard and mouse events
keylogging
reboot the system
manage processes (create, kill and enumerate)
manage services (create, start, stop, etc.); and
manage Windows registry entries, open a shell, etc.
The malware also logs its events in a text log file.
| 2020-09-15 ⋅ Recorded Future ⋅ Back Despite Disruption: RedDelta Resumes Operations PlugX |
| 2020-09-11 ⋅ ThreatConnect ⋅ Research Roundup: Activity on Previously Identified APT33 Domains Emotet PlugX APT33 |
| 2020-07-29 ⋅ Recorded Future ⋅ Chinese State-sponsored Group RedDelta Targets the Vatican and Catholic Organizations PlugX |
| 2020-07-29 ⋅ Kaspersky Labs ⋅ APT trends report Q2 2020 PhantomLance Dacls Penquin Turla elf.wellmess AppleJeus Dacls AcidBox Cobalt Strike Dacls EternalPetya Godlike12 Olympic Destroyer PlugX shadowhammer ShadowPad Sinowal VHD Ransomware Volgmer WellMess X-Agent XTunnel |
| 2020-07-29 ⋅ ESET Research ⋅ THREAT REPORT Q2 2020 DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos Ransomware PlugX Pony REvil Socelars STOP Ransomware Tinba TrickBot WannaCryptor |
| 2020-07-28 ⋅ NTT ⋅ CraftyPanda 標的型攻撃解析レポート Ghost RAT PlugX |
| 2020-07-20 ⋅ Risky.biz ⋅ What even is Winnti? CCleaner Backdoor Ghost RAT PlugX ZXShell |
| 2020-07-20 ⋅ Dr.Web ⋅ Study of the APT attacks onstate institutions inKazakhstan and Kyrgyzstan Microcin Mirage PlugX |
| 2020-07-15 ⋅ ZDNet ⋅ Chinese state hackers target Hong Kong Catholic Church PlugX |
| 2020-06-03 ⋅ Kaspersky Labs ⋅ Cycldek: Bridging the (air) gap 8.t Dropper NewCore RAT PlugX USBCulprit Hellsing |
| 2020-06-02 ⋅ Lab52 ⋅ Mustang Panda Recent Activity: Dll-Sideloading trojans with temporal C2 servers PlugX |
| 2020-05-15 ⋅ Twitter (@stvemillertime) ⋅ Tweet on SOGU development timeline, including TIGERPLUG IOCs PlugX |
| 2020-05-14 ⋅ Lab52 ⋅ The energy reserves in the Eastern Mediterranean Sea and a malicious campaign of APT10 against Turkey Cobalt Strike HTran MimiKatz PlugX Quasar RAT |
| 2020-05-01 ⋅ Viettel Cybersecurity ⋅ Chiến dịch của nhóm APT Trung Quốc Goblin Panda tấn công vào Việt Nam lợi dụng đại dịch Covid-19 (phần 1) NewCore RAT PlugX |
| 2020-03-19 ⋅ VinCSS ⋅ Phân tích mã độc lợi dụng dịch Covid-19 để phát tán giả mạo “Chỉ thị của thủ tướng Nguyễn Xuân Phúc” - Phần 2 PlugX |
| 2020-03-02 ⋅ Virus Bulletin ⋅ Pulling the PKPLUG: the adversary playbook for the long-standing espionage activity of a Chinese nation-state adversary HenBox Farseer PlugX Poison Ivy |
| 2020-02-21 ⋅ ADEO DFIR ⋅ APT10 Threat Analysis Report CHINACHOPPER HTran MimiKatz PlugX Quasar RAT |
| 2020-02-18 ⋅ Trend Micro ⋅ Uncovering DRBControl: Inside the Cyberespionage Campaign Targeting Gambling Operations Cobalt Strike HyperBro PlugX Trochilus RAT |
| 2020-02-17 ⋅ Talent-Jump Technologies ⋅ CLAMBLING - A New Backdoor Base On Dropbox HyperBro PlugX |
| 2020-01-31 ⋅ Avira ⋅ New wave of PlugX targets Hong Kong PlugX |
| 2020-01 ⋅ Dragos ⋅ Threat Intelligence and the Limits of Malware Analysis Exaramel Exaramel Industroyer Lookback NjRAT PlugX |
| 2020 ⋅ Secureworks ⋅ BRONZE UNION 9002 RAT CHINACHOPPER Enfal Ghost RAT HttpBrowser HyperBro owaauth PlugX Poison Ivy ZXShell LuckyMouse |
| 2020 ⋅ Secureworks ⋅ BRONZE KEYSTONE 9002 RAT BLACKCOFFEE DeputyDog Derusbi HiKit PlugX Poison Ivy ZXShell Aurora Panda |
| 2020 ⋅ Secureworks ⋅ BRONZE PRESIDENT CHINACHOPPER Cobalt Strike PlugX Mustang Panda |
| 2020 ⋅ Secureworks ⋅ BRONZE OLIVE ANGRYREBEL PlugX APT 22 |
| 2020 ⋅ Secureworks ⋅ BRONZE RIVERSIDE Anel ChChes Cobalt Strike PlugX Poison Ivy Quasar RAT RedLeaves Stone Panda |
| 2020 ⋅ Secureworks ⋅ BRONZE ATLAS Speculoos Winnti ACEHASH CCleaner Backdoor CHINACHOPPER Empire Downloader HTran MimiKatz PlugX Winnti Axiom |
| 2020 ⋅ Secureworks ⋅ BRONZE WOODLAND PlugX Zeus Roaming Tiger |
| 2020 ⋅ Secureworks ⋅ BRONZE FIRESTONE 9002 RAT Derusbi Empire Downloader PlugX Poison Ivy Shell Crew |
| 2020 ⋅ Secureworks ⋅ BRONZE EXPRESS 9002 RAT CHINACHOPPER IsSpace NewCT PlugX smac APT 26 |
| 2020 ⋅ Secureworks ⋅ BRONZE OVERBROOK Aveo DDKONG IsSpace PLAINTEE PlugX Rambo DragonOK |
| 2019-12-29 ⋅ Secureworks ⋅ BRONZE PRESIDENT Targets NGOs PlugX BRONZE PRESIDENT |
| 2019-11-16 ⋅ Silas Cutler's Blog ⋅ Fresh PlugX October 2019 PlugX |
| 2019-11-11 ⋅ Virus Bulletin ⋅ APT cases exploiting vulnerabilities in region‑specific software NodeRAT Emdivi PlugX |
| 2019-10-31 ⋅ PTSecurity ⋅ Calypso APT: new group attacking state institutions BYEBY FlyingDutchman Hussar PlugX |
| 2019-10-03 ⋅ Palo Alto Networks Unit 42 ⋅ PKPLUG: Chinese Cyber Espionage Group Attacking Asia HenBox Farseer PlugX |
| 2019-06-03 ⋅ FireEye ⋅ Into the Fog - The Return of ICEFOG APT Icefog PlugX Sarhust |
| 2019-05-24 ⋅ enSilo ⋅ Uncovering new Activity by APT10 PlugX Quasar RAT |
| 2019-03-19 ⋅ NSHC ⋅ SectorM04 Targeting Singapore – An Analysis PlugX Termite |
| 2018-12-14 ⋅ Australian Cyber Security Centre ⋅ Investigationreport: Compromise of an Australian companyvia their Managed Service Provider PlugX RedLeaves |
| 2018-05-09 ⋅ COUNT UPON SECURITY ⋅ Malware Analysis - PlugX - Part 2 PlugX |
| 2018-03-13 ⋅ Kaspersky Labs ⋅ Time of death? A therapeutic postmortem of connected medicine PlugX |
| 2018-02-04 ⋅ COUNT UPON SECURITY ⋅ MALWARE ANALYSIS – PLUGX PlugX |
| 2017-12-18 ⋅ LAC ⋅ Relationship between PlugX and attacker group "DragonOK" PlugX |
| 2017-06-27 ⋅ Palo Alto Networks Unit 42 ⋅ Paranoid PlugX PlugX |
| 2017-04-27 ⋅ US-CERT ⋅ Alert (TA17-117A): Intrusions Affecting Multiple Victims Across Multiple Sectors PlugX RedLeaves |
| 2017-04-03 ⋅ JPCERT/CC ⋅ RedLeaves - Malware Based on Open Source RAT PlugX RedLeaves |
| 2017-04 ⋅ PricewaterhouseCoopers ⋅ Operation Cloud Hopper: Technical Annex ChChes PlugX Quasar RAT RedLeaves Trochilus RAT |
| 2017-02-21 ⋅ JPCERT/CC ⋅ PlugX + Poison Ivy = PlugIvy? - PlugX Integrating Poison Ivy’s Code PlugX |
| 2017-02-13 ⋅ RSA ⋅ KINGSLAYER – A SUPPLY CHAIN ATTACK CodeKey PlugX |
| 2016-08-25 ⋅ Malwarebytes ⋅ Unpacking the spyware disguised as antivirus PlugX |
| 2016-01-22 ⋅ RSA Link ⋅ PlugX APT Malware PlugX |
| 2015-08 ⋅ Arbor Networks ⋅ Uncovering the Seven Pointed Dagger 9002 RAT EvilGrab PlugX Trochilus RAT Group 27 |
| 2015-02-06 ⋅ CrowdStrike ⋅ CrowdStrike Global Threat Intel Report 2014 BlackPOS CryptoLocker Derusbi Elise Enfal EvilGrab Gameover P2P HttpBrowser Medusa Mirage Naikon NetTraveler pirpi PlugX Poison Ivy Sakula RAT Sinowal sykipot taidoor |
| 2015-01-29 ⋅ JPCERT/CC ⋅ Analysis of a Recent PlugX Variant - “P2P PlugX” PlugX |
| 2014-06-27 ⋅ SophosLabs ⋅ PlugX - The Next Generation PlugX |
| 2014-06-10 ⋅ FireEye ⋅ Clandestine Fox, Part Deux PlugX |
| 2014-01-06 ⋅ Airbus ⋅ PlugX: some uncovered points PlugX |
| 2013-03-29 ⋅ Computer Incident Response Center Luxembourg ⋅ Analysis Report (TLP:WHITE) Analysis of a PlugX variant (PlugX version 7.0) PlugX |