Analysis of a PlugX Malware Variant used for Targeted Attacks - BestCyberNews: Online News Presenter in the present world

BestCyberNews: Online News Presenter in the present world

Start knowing

test banner

Breaking

Analysis of a PlugX Malware Variant used for Targeted Attacks

The analysis of a Remote Access Tool which is usually named PlugX this also known as Gulpix, Korplug. This malware is often used in targeted attacks against private organizations, governments, political organization and even some individuals.


According to CIRCL(Computer Incident Response Center Luxembourg) this PlugX variant is interesting on several aspects like the use of a perfectly valid signed binary in order to perform its attack. It also features mechanisms in order to defeat protection like Windows UAC (User Account Control). 

The purpose of the analysis is to improve the detection at the potential victims site but review the security measures in place within other organization to limit the impact of such targeted attack.



You may download the complete PlugX analysis report from HERE. CIRCL recommends private organization or any potential targets to verify the Indicator of Compromise (IOC) contained in the report to detect any potential infection. CIRCL can be contacted in case of detection.

The review the infection process of PlugX in order to assess the security measures taken into an organization.The infection process is fully described in the PlugX analysis report.




Author Venkatesh Yalagandula Follow us Google + and Facebook and Twitter

No comments:

Post a Comment