PlugX

PlugX is a remote access tool (RAT) with modular plugins that has been used by multiple threat groups.(Citation: Lastline PlugX Analysis)(Citation: FireEye Clandestine Fox Part 2)(Citation: New DragonOK)(Citation: Dell TG-3390)
ID: S0013
Associated Software: Thoper
Type: MALWARE
Platforms: Windows
Version: 3.2
Created: 31 May 2017
Last Modified: 04 Apr 2025

Associated Software Descriptions

Name: Thoper
Description: (Citation: Novetta-Axiom)

Groups That Use This Software

ID Name References
G1047 Velvet Ant (Citation: Sygnia VelvetAnt 2024A)
G1034 Daggerfly (Citation: Symantec Daggerfly 2023)
G0096 APT41 (Citation: FireEye APT41 Aug 2019) (Citation: apt41_mandiant)
G0022 APT3 (Citation: FireEye Clandestine Fox Part 2)
G0126 Higaisa (Citation: Malwarebytes Higaisa 2020)
G0027 Threat Group-3390 (Citation: SecureWorks BRONZE UNION June 2017) (Citation: Dell TG-3390) (Citation: Profero APT27 December 2020) (Citation: Trend Micro DRBControl February 2020) (Citation: Nccgroup Emissary Panda May 2018)
G1021 Cinnamon Tempest (Citation: Dell SecureWorks BRONZE STARLIGHT Profile)
G0093 GALLIUM (Citation: Cybereason Soft Cell June 2019)
G0001 Axiom (Citation: Cisco Group 72) (Citation: Novetta-Axiom)
G0045 menuPass (Citation: FireEye APT10 April 2017) (Citation: PWC Cloud Hopper Technical Annex April 2017) (Citation: DOJ APT10 Dec 2018)
G0062 TA459 (Citation: Proofpoint TA459 April 2017)
G1014 LuminousMoth (Citation: Bitdefender LuminousMoth July 2021) (Citation: Kaspersky LuminousMoth July 2021)
G0017 DragonOK (Citation: New DragonOK)
G0044 Winnti Group (Citation: Kaspersky Winnti April 2013)
G0129 Mustang Panda (Citation: Crowdstrike MUSTANG PANDA June 2018) (Citation: Anomali MUSTANG PANDA October 2019) (Citation: Secureworks BRONZE PRESIDENT December 2019) (Citation: Avira Mustang Panda January 2020) (Citation: Recorded Future REDDELTA July 2020) (Citation: Proofpoint TA416 Europe March 2022)

References

  1. Scott, M. (2014, June 10). Clandestine Fox, Part Deux. Retrieved January 14, 2016.
  2. Computer Incident Response Center Luxembourg. (2013, March 29). Analysis of a PlugX variant. Retrieved November 5, 2018.
  3. FireEye iSIGHT Intelligence. (2017, April 6). APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat. Retrieved June 29, 2017.
  4. Lunghi, D. et al. (2020, February). Uncovering DRBControl. Retrieved November 12, 2021.
  5. Huss, D. et al. (2017, February 2). Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX. Retrieved April 5, 2018.
  6. PwC and BAE Systems. (2017, April). Operation Cloud Hopper: Technical Annex. Retrieved April 13, 2017.
  7. Vasilenko, R. (2013, December 17). An Analysis of PlugX Malware. Retrieved November 24, 2015.
  8. Stewart, A. (2014). DLL SIDE-LOADING: A Thorn in the Side of the Anti-Virus Industry. Retrieved November 12, 2014.
  9. Global Threat Center, Intelligence Team. (2020, December). APT27 Turns to Ransomware. Retrieved November 12, 2021.
  10. Sygnia Team. (2024, June 3). China-Nexus Threat Group 'Velvet Ant' Abuses F5 Load Balancers for Persistence. Retrieved March 14, 2025.
  11. Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, August 5). Threat Group-3390 Targets Organizations for Cyberespionage. Retrieved August 18, 2018.
  12. Raggi, M. et al. (2022, March 7). The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates. Retrieved March 16, 2022.
  13. Miller-Osborn, J. and Grunzweig, J. (2015, April). Unit 42 Identifies New DragonOK Backdoor Malware Deployed Against Japanese Targets. Retrieved November 4, 2015.
  14. Lancaster, T. and Idrizovic, E. (2017, June 27). Paranoid PlugX. Retrieved July 13, 2017.
  15. Novetta. (n.d.). Operation SMN: Axiom Threat Actor Group Report. Retrieved November 12, 2014.
  16. Lancaster, T. and Idrizovic, E. (2017, June 27). Paranoid PlugX. Retrieved April 19, 2019.