Dissecting PlugX To Extract Its Crown Jewels

Updated: Dec 7, 2022

PlugX is a malware family first spotted in 2008. It is a Remote Access Trojan that has been used by several threat actors and provides them with full control over infected machines. It has continually evolved over time, adding new features and functionalities with each iteration. Hence, it is important to keep following and documenting its transformations.

Currently, it remains one of the most popular tools in the Asian cybercrime community, given its flexibility and its long track record in the market; it is still actively used by notorious threat actors such as Mustang Panda, Winnti, Gallium, DragonOK and Earth Berberoka.

