
Chinese PlugX Malware Hidden in Your USB Devices? - Unit 42
January 26, 2023 · PlugX is a second-stage implant used not only by multiple groups with a Chinese nexus but also by several cybercrime groups. It has been around for over a decade and has been observed in some high-profile cyberattacks, including the U.S. Government Office of Personnel Management (OPM) breach in 2015.
How to remove PlugX virus? - Microsoft Community
July 12, 2024 · Regarding your question, formatting a removable drive is usually an effective way to remove most types of malware (including the PlugX virus), but it is not absolutely effective in all cases, depending on the virus's propagation and infection mechanism. Here are some key points: 1. Formatting is effective against most malware
Unmasking the Enigma: A Historical Dive into the World of PlugX …
December 6, 2023 · In the ever-evolving landscape of cybersecurity threats, one name that consistently surfaces as a force to be reckoned with is "PlugX." This covert and insidious malware has left a trail of digital intrigue, combining advanced features with a knack for eluding detection.
THOR: Previously Unseen PlugX Variant Deployed During …
July 27, 2021 · This blog provides a technical overview of the PlugX variant discovered, indicators of compromise (IOCs) to identify it in networks and a tool developed by Unit 42 to handle payload decryption. Palo Alto Networks customers are protected from PlugX with Cortex XDR or the Next-Generation Firewall with WildFire and Threat Prevention security ...
Investigating the PlugX Trojan Disguised as a Legitimate Windows ...
February 24, 2023 · Trend Micro's Managed Extended Detection and Response (MxDR) team discovered that a file called x32dbg.exe was used (via the DLL Search Order Hijacking or T1574.001 technique) to sideload a malicious DLL we identified as a variant of PlugX (Trojan.Win32.KORPLUG.AJ.enc).
PlugX Malware Analysis, Overview by ANY.RUN
March 19, 2025 · PlugX is a remote access trojan (RAT) family used to gain access to and control computers. It has been around since 2008 and continues to be exploited today by advanced persistent threat (APT) groups, including Mustang Panda.
PlugX Variant Has Quietly Changed Its Source Code and Been Officially Renamed THOR - 知乎
While monitoring Microsoft Exchange Server attacks in March 2021, Unit 42 researchers discovered a PlugX variant that had been delivered to one of the compromised servers as a post-exploitation remote access tool (RAT). Unit 42 observed that what makes this variant unique is that it contains…
Millions of IPs remain infected by USB worm years after its creators ...
April 25, 2024 · Ability of PlugX worm to live on presents a vexing dilemma: Delete it or leave it be. A now-abandoned USB worm that backdoors connected devices has continued to self-replicate for years since its...
LuminousMoth – PlugX, File Exfiltration and Persistence …
December 11, 2020 · Previously unreported payload in the form of the well-known Remote Access Tool PlugX; data exfiltration carried out through Google Drive; more tools used for data collection; the attackers perform HTML code injection using ARP spoofing to redirect the victim to a page hosted by the threat actor
PlugX Malware Analysis
December 26, 2023 · PlugX is malware that combines advanced capabilities with detection-evasion techniques and has had a profound impact on the cybersecurity field. The evolution of PlugX is inseparable from cyber-espionage activity, targeted attacks, and an ongoing contest with security experts. The Splunk Threat Research Team