
PlugX, Software S0013 - MITRE ATT&CK®
PlugX is a remote access tool (RAT) with modular plugins that has been used by multiple threat groups.
GitHub - alphaSeclab/awesome-rat: RAT And C&C Resources.
2015.01 [trendmicro] PlugX Malware Found in Official Releases of League of Legends, Path of Exile; 2014.06 [trendmicro] PlugX RAT With “Time Bomb” Abuses Dropbox for Command-and-Control Settings; 2014.06 [lastline] An Analysis of PlugX Using Process Dumps from High-Resolution Malware Analysis
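Tracking the PlugX RAT Author: Doxxing the Developer of PlugX, a Remote-Control Tool Used in Targeted Attacks | CN-SEC 中 …
April 3, 2021 · Tracking the PlugX RAT author. A few days ago, Trend Micro published some information about PlugX (a new version of a RAT). Over the past few months we have been tracking a group of people who use the PlugX RAT to attack various targets, especially organizations and individuals in Japan, Taiwan, South Korea, and Tibet.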
THREAT ANALYSIS REPORT: PlugX RAT Loader Evolution
PlugX is a post-exploitation modular RAT (Remote Access Trojan), which is known for its multiple functionalities such as data exfiltration, keystroke grabbing, backdoor functionality, and utilizing DLL-Sideloading techniques for evading security solutions...
BlackHatCN/plugx: plugx rat c2, supports TCP, UDP, HTTP - GitHub
plugx rat c2, supports TCP, UDP, HTTP.
THOR: Previously Unseen PlugX Variant Deployed During …
July 27, 2021 · While monitoring the Microsoft Exchange Server attacks in March 2021, Unit 42 researchers identified a PlugX variant delivered as a post-exploitation remote access tool (RAT) to one of the compromised servers. The variant observed by Unit 42 is unique in that it contains a change to its core source code: the replacement of its trademark word ...
PlugX Variant Has Quietly Changed Its Source Code and Been Officially Renamed THOR - 知乎 (Zhihu)
While monitoring the Microsoft Exchange Server attacks in March 2021, Unit 42 researchers identified a PlugX variant that was delivered to one of the compromised servers as a post-exploitation remote access tool (RAT). What Unit 42 found unique about the variant is that it contains…
Investigating the PlugX Trojan Disguised as a Legitimate Windows ...
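February 24, 2023 · Meanwhile, PlugX is a well-known remote access trojan (RAT) that is used to gain remote access to and control over compromised machines. It allows an attacker to obtain unauthorized access to a system, steal sensitive data, and use the compromised machine for malicious purposes.
[PC Sample Analysis] Analysis of a plugx-Family RAT Sample - 哔哩哔哩 (Bilibili)
The sample is a plugx trojan developed by the Vietnamese OceanLotus group. It is not packed, and it maintains persistence by registering a service so that it starts at boot. 3. Detailed analysis. 3.1 Execution and dropping. A. The attack component consists of three files: wsc_proxy.exe, wsc.dll, and wsc.dump. B. The signed, legitimate program wsc_proxy.exe is executed and maliciously loads the loader wsc.dll.
PlugX Malware Analysis - CN-SEC 中文网
December 26, 2023 · PlugX is malware that combines advanced capabilities with detection-evasion techniques, and it has had a far-reaching impact on the cybersecurity field. The evolution of PlugX is inseparable from cyber-espionage activity, targeted attacks, and the ongoing contest with security experts. The Splunk Threat Research Team (STRT) has described PlugX variants in detail, including payloads, tactics, and their impact ...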