PlugX RAT: The tale of the RAT that has been used in various cyber-espionage campaigns


PlugX RAT has been used in several attacks launched by the Chinese cyber-espionage group APT10.
Its capabilities include keystroke logging and performing port mapping, capturing screenshots and videos, creating, executing, renaming, modifying, and deleting files, and restarting or rebooting systems.

PlugX is a Remote Access Trojan (RAT) that was first spotted in 2012; since then it has been used in several attacks launched by the Chinese cyber-espionage group APT10. PlugX primarily targets government entities and is distributed via phishing emails, spam campaigns, and spear-phishing campaigns.


The attack starts with a phishing email carrying a malicious attachment, usually a specially crafted document that exploits a vulnerability in either Adobe Acrobat Reader or Microsoft Office.


Backdoor modules


This RAT includes several backdoor modules:


XPlugDisk
XPlugKeyLogger
XPlugNethood
XPlugOption
XPlugPortMap
XPlugProcess
XPlugRegedit
XPlugScreen
XPlugService
XPlugShell
XPlugSQL
XPlugTelnet

Capabilities


Its capabilities include creating, executing, copying, renaming, modifying, moving, and deleting files
Getting drive information and file information
Restarting or rebooting the system
Enumerating and terminating processes
Keystroke logging and performing port mapping
Capturing screenshots and videos
Starting, enumerating, modifying, and deleting services
Opening a remote shell, executing SQL statements, and hosting a Telnet server.

PlugX targeting Afghan and Russian Military


In 2014, PlugX was used in an attack campaign targeting intelligence information on Russian, Afghan and Tajik military and diplomats. PlugX was distributed via spear-phishing emails that included maliciously crafted RTF documents and self-extracting RAR archives designed to exploit Microsoft Word vulnerabilities in order to install the malware on targeted systems.


7.93 million user records from Japanese Travel agency compromised


In July 2016, a Japanese travel agency, JTB Corp, suffered a ..
