
Threat Group Cards: A Threat Actor Encyclopedia

Tool: PlugX

Names: PlugX, Destroy RAT, Korplug, Sogu, Kaba, Xamtrav, Agent.dhwf
Category: Malware
Type: Reconnaissance, Backdoor, Keylogger, Info stealer, Exfiltration
Description (US-CERT): PLUGX is a sophisticated Remote Access Tool (RAT) operating since approximately 2012. Although there are now many variants of this RAT in existence today, there are still characteristics common to most variants.

Information:
<https://www.us-cert.gov/ncas/alerts/TA17-117A>
<https://threatrecon.nshc.net/2019/03/19/sectorm04-targeting-singapore-custom-malware-analysis/>
<http://blog.jpcert.or.jp/2015/01/analysis-of-a-r-ff05.html>
<http://blog.jpcert.or.jp/2017/02/plugx-poison-iv-919a.html>
<http://blog.jpcert.or.jp/.s/2017/04/redleaves---malware-based-on-open-source-rat.html>
<https://countuponsecurity.com/2018/02/04/malware-analysis-plugx/>
<https://circl.lu/assets/files/tr-12/tr-12-circl-plugx-analysis-v1.pdf>
<https://www.rsa.com/content/dam/pdfs/2-2017/kingslayer-a-supply-chain-attack.pdf>
<https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf>
<http://blog.airbuscybersecurity.com/post/2014/01/plugx-some-uncovered-points.html>
<https://community.rsa.com/thread/185439>
<https://researchcenter.paloaltonetworks.com/2017/06/unit42-paranoid-plugx/>
<https://www.lac.co.jp/lacwatch/people/20171218_001445.html>
<https://countuponsecurity.com/2018/05/09/malware-analysis-plugx-part-2/>
<https://securelist.com/time-of-death-connected-medicine/84315/>
<https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/01/ASERT-Threat-Intelligence-Brief-2015-08-Uncovering-the-Seven-Point-Dagger.pdf>
<https://blog.malwarebytes.com/threat-analysis/2016/08/unpacking-the-spyware-disguised-as-antivirus/>
<https://www.sophos.com/en-us/medialibrary/pdfs/technical%20papers/plugx-thenextgeneration.pdf>
MITRE ATT&CK: <https://attack.mitre.org/software/S0013/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.plugx>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:plugx>

Last change to this tool card: 14 May 2020


All groups using tool PlugX

Name | Country | Observed | Changed

APT groups

APT 3, Gothic Panda, Buckeye | China | 2007-Nov 2017 | X
APT 17, Deputy Dog, Elderwood, Sneaky Panda | China | 2009-Sep 2017 |
APT 20, Violin Panda | China | 2014-2017 |
APT 31, Judgment Panda, Zirconium | China | 2016 |
APT 41 | China | 2012-Aug 2020 | HOT X
AVIVORE | China | 2015 |
Axiom, Group 72 | China | 2008-2008/2014 |
Barium | China | 2016-Nov 2017 | X
Bookworm | China | 2015 |
Calypso | China | 2016 |
CardinalLizard | China | 2014 |
DragonOK | China | 2015-Jan 2017 |
Emissary Panda, APT 27, LuckyMouse, Bronze Union | China | 2010-Mar 2020 |
Goblin Panda, Cycldek, Conimes | China | 2013-2018 |
IronHusky | China | 2017 |
Leviathan, APT 40, TEMP.Periscope | China | 2013-Jan 2020 |
Mustang Panda, Bronze President | China | 2014-Mar 2020 |
Naikon, Lotus Panda | China | 2012-2017 |
NetTraveler, APT 21, Hammer Panda | China | 2004-Dec 2015 |
Nightshade Panda, APT 9, Group 27 | China | 2013-Sep 2016 |
Operation DRBControl | China | 2019 |
PKPLUG | China | 2016 |
RedDelta | China | 2020-Aug 2020 | HOT
Roaming Tiger | China | 2014-Aug 2015 |
Samurai Panda | China | 2009 |
Stone Panda, APT 10, menuPass | China | 2006-Jul 2020 | X
TA459 | China | 2017 |
Turbine Panda, APT 26, Shell Crew, WebMasters, KungFu Kittens | China | 2010-Oct 2018 | X
Wicked Spider, APT 22 | China | 2018 |

29 groups listed (29 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
