This is an analysis of a Remote Access Tool usually named PlugX, also known as Gulpix or Korplug. This malware is often used in targeted attacks against private organizations, governments, political organizations and even some individuals.
According to CIRCL (Computer Incident Response Center Luxembourg), this PlugX variant is interesting in several respects, such as its use of a perfectly valid signed binary to carry out its attack. It also includes mechanisms to defeat protections like Windows UAC (User Account Control).
The purpose of the analysis is to improve detection at potential victims' sites and to review the security measures in place within other organizations, in order to limit the impact of such targeted attacks.
You may download the complete PlugX analysis report from HERE. CIRCL recommends that private organizations and any other potential targets verify the Indicators of Compromise (IOC) contained in the report to detect any potential infection. CIRCL can be contacted in case of detection.
Reviewing the infection process of PlugX allows an organization to assess the security measures it has in place. The infection process is fully described in the PlugX analysis report.
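The recommendation above is to check the report's Indicators of Compromise against your own environment. As an added example (not code from CIRCL or from the report), the script below shows the two checks a practitioner typically runs with such a list: hashing files under a directory and comparing against listed hashes, and scanning DNS/proxy log lines for listed C2 hostnames (including their subdomains). Every IOC value, file content, log line, timestamp and address in it is a constructed placeholder, not a real PlugX indicator; the `.invalid` hostname and the `FLAGGED_CONTENT` bytes are assumptions made for the demo, to be replaced with the values from the report.

```python
"""Added example, not part of the CIRCL post or report: a minimal IOC checker.

It hashes every file under a directory and compares the digests against a hash
list, and scans DNS/proxy log lines for listed hostnames and their subdomains.
Every IOC value here is a CONSTRUCTED placeholder, not a real PlugX indicator.
"""
import hashlib
import os
import re
import tempfile

# Constructed stand-in for a file the report would flag (placeholder, not real).
FLAGGED_CONTENT = b"constructed stand-in for a file flagged in the report"
FLAGGED_SHA256 = hashlib.sha256(FLAGGED_CONTENT).hexdigest()

# Placeholder IOC set in the shape a report provides (file hashes and C2 hostnames).
PLACEHOLDER_IOCS = {
    "sha256": {FLAGGED_SHA256},
    "domains": {"example-c2.invalid"},  # .invalid never resolves: safe placeholder
}

# Constructed log lines (timestamps and addresses invented for the demo).
SAMPLE_LOG = [
    "2000-01-01T10:14:02Z dns 10.0.0.5 query www.example.com A",
    "2000-01-01T10:14:07Z dns 10.0.0.5 query update.example-c2.invalid A",
    "2000-01-01T10:15:11Z proxy 10.0.0.5 GET http://example-c2.invalid/index.php",
]

# Hostname-like tokens: letters, digits, dots and dashes (URLs split on ':' and '/').
TOKEN_RE = re.compile(r"[A-Za-z0-9.-]+")


def sha256_file(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_directory(root, hash_iocs):
    """Return [(path, sha256)] for every file under root whose hash is in hash_iocs."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:  # unreadable or vanished file: skip it, keep scanning
                continue
            if digest in hash_iocs:
                hits.append((path, digest))
    return hits


def scan_log_lines(lines, domain_iocs):
    """Return [(line_no, host)] for tokens equal to, or a subdomain of, an IOC domain."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        for token in TOKEN_RE.findall(line):
            host = token.lower().rstrip(".")
            if any(host == d or host.endswith("." + d) for d in domain_iocs):
                hits.append((line_no, host))
    return hits


def demo():
    """Build a throwaway tree with one clean and one flagged file, scan it, return the hits."""
    with tempfile.TemporaryDirectory() as root:
        sub = os.path.join(root, "sub")
        os.mkdir(sub)
        with open(os.path.join(root, "clean.txt"), "wb") as fh:
            fh.write(b"harmless content")
        with open(os.path.join(sub, "flagged.bin"), "wb") as fh:
            fh.write(FLAGGED_CONTENT)
        return scan_directory(root, PLACEHOLDER_IOCS["sha256"])


if __name__ == "__main__":
    for path, digest in demo():
        print(f"file match: {path} {digest}")
    for line_no, host in scan_log_lines(SAMPLE_LOG, PLACEHOLDER_IOCS["domains"]):
        print(f"log line {line_no}: contact with {host}")
```

Hash matching only catches the exact samples listed, so the hostname check matters as a second signal; matching subdomains as well as the listed domain avoids missing a C2 host that sits one label below the one in the report.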