Alias Description | Votes |
---|---|
ShadowPad is a possible alias for PlugX. ShadowPad is a sophisticated malware, known for its use in supply chain attacks, particularly against government entities in South Asia. This modular backdoor, which has been active for approximately seven years, is popular among Chinese threat actors. It was notably used as the payload in an attack | 9 |
Korplug is a possible alias for PlugX. Korplug, also known as PlugX, is a type of malware developed and utilized by the China-aligned Advanced Persistent Threat (APT) group, Mustang Panda. This malicious software is designed to infiltrate computer systems without detection, often through suspicious downloads, emails, or websites. Once in | 6 |
Winnti is a possible alias for PlugX. Winnti is a threat actor group known for its malicious activities, primarily originating from Chinese Advanced Persistent Threat (APT) operational infrastructure. The group, which has been active since at least 2007, was first spotted by Kaspersky in 2013. It is associated with several aliases such | 4 |
Doplugs is a possible alias for PlugX. DOPLUGS is a variant of the PlugX malware, developed and deployed by the China-linked Advanced Persistent Threat (APT) group Mustang Panda. Active since 2022, this unique malware has been used in targeted campaigns against various Asian countries including Taiwan, Vietnam, India, Japan, and China. U | 3 |
Hodur is a possible alias for PlugX. Hodur is a sophisticated malware variant of Korplug (also known as PlugX), often deployed by China-aligned threat actors, such as the Mustang Panda group. The malware is designed to exploit and damage computer systems, typically infiltrating through suspicious downloads, emails, or websites. Once in | 2 |
Paranoid Plugx is a possible alias for PlugX. Paranoid PlugX is a sophisticated malware designed to exploit and damage computer systems, often infiltrating without the user's knowledge. It typically enters a system through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or even | 2 |
Killsomeone is a possible alias for PlugX. KillSomeOne is a highly potent malware that has been integrated with various variants of the PlugX malware, a notorious backdoor Trojan. The first variant of this integration was discovered in 2018, as part of a DOPLUGS variant, which showcased the KillSomeOne module's capabilities. This malware ope | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Black Basta Malware is associated with PlugX. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses | Unspecified | 3 |
The KEYPLUG Malware is associated with PlugX. KeyPlug is a sophisticated malware developed by APT41, also known as the Chinese RedGolf Group. It's written in C++ and supports multiple network protocols for command and control (C2) traffic, including HTTP, TCP, KCP over UDP, and WSS. The malware was primarily used to target Windows systems, spec | Unspecified | 2 |
The Brute Ratel Malware is associated with PlugX. Brute Ratel C4 (BRc4) is a potent malware that has been used in various cyber-attacks over the past 15 years. The malware infects systems through deceptive MSI installers, which deploy the BRc4 by disguising the payload as legitimate software such as vierm_soft_x64.dll under rundll32 execution. Vari | Unspecified | 2 |
The Meterpreter Malware is associated with PlugX. Meterpreter is a type of malware that acts as an attack payload within the Metasploit framework, providing threat actors with an interactive shell to control and execute code on a compromised system. The malware is often deployed covertly through suspicious downloads, emails, or websites. Once insta | Unspecified | 2 |
The Poison Ivy Malware is associated with PlugX. Poison Ivy is a type of malware, or malicious software, designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold d | Unspecified | 2 |
The China Chopper Malware is associated with PlugX. China Chopper is a well-known malware that has been used extensively by Chinese-speaking actors, including the BRONZE UNION group. The malware is designed to exploit and damage computer systems, often without the knowledge of the user. It can infiltrate systems through suspicious downloads, emails, | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Mustang Panda Threat Actor is associated with PlugX. Mustang Panda, a China-aligned Advanced Persistent Threat (APT) group, has been identified as a significant cyber threat actor involved in a series of malicious activities. Notably, Mustang Panda was found to be associated with the BRONZE PRESIDENT phishing lure, which delivered PlugX and used modif | Unspecified | 5 |
The BRONZE PRESIDENT Threat Actor is associated with PlugX. Bronze President, a Chinese-state-sponsored APT group also known as Mustang Panda, has been identified as a significant threat actor in data theft campaigns. The group has deployed a variety of remote access tools, including Cobalt Strike and RCSession, to steal data from targeted organizations. Bro | Unspecified | 3 |
The RedDelta Threat Actor is associated with PlugX. RedDelta, also known as Bronze President, is a threat actor that has been conducting cyber-espionage attacks since 2014. It is one of the likely Ministry of State Security (MSS)-linked groups which include APT10, APT17, APT27, APT40, APT41, TAG-22, and RedBravo among others. The organization's activ | Unspecified | 3 |
The Redgolf Threat Actor is associated with PlugX. RedGolf, a Chinese state-sponsored threat activity group, has been actively targeting Windows and Linux systems with the KEYPLUG backdoor. This group's activities have been closely associated with other threat groups including APT41, Wicked Panda, Bronze Atlas, and Barium. The first known use of the | Unspecified | 2 |
The Bronze Starlight Threat Actor is associated with PlugX. Bronze Starlight, a Chinese threat actor group, has been linked to various malicious activities in the cybersecurity landscape. The group is known for deploying different types of ransomware payloads, including traditional ransomware schemes such as LockFile and name-and-shame models. Bronze Starlig | Unspecified | 2 |
The APT41 Threat Actor is associated with PlugX. APT41, also known as Winnti, is a threat actor suspected to be originating from China, with its activities dating back to as early as 2012. It has targeted organizations in at least 14 countries and has been associated with the use of at least 46 different code families and tools. The group's activi | Unspecified | 2 |
The Mustangpanda Threat Actor is associated with PlugX. MustangPanda is a threat actor, or malicious entity, that has been active since at least 2012. Known for its sophisticated cyber-attacks, MustangPanda has targeted American and European entities including government organizations, think tanks, non-governmental organizations (NGOs), and even Catholic | Unspecified | 2 |
The Lancefly Threat Actor is associated with PlugX. Lancefly, a threat actor potentially associated with China, has been identified as the group behind an ongoing cyberespionage campaign targeting organizations in South and Southeast Asia. The targets include government bodies, aviation companies, educational institutions, and telecommunication secto | Unspecified | 2 |
The APT10 Threat Actor is associated with PlugX. APT10, also known as Menupass, is a sophisticated threat actor believed to operate on behalf of the Chinese Ministry of State Security (MSS). This group has been associated with numerous cyber espionage campaigns targeting various sectors globally. Recent analysis suggests a link between APT10 and o | Unspecified | 2 |
The TA416 Threat Actor is associated with PlugX. TA416 is an advanced persistent threat (APT) group that targets organizations globally with customized versions of the PlugX malware. TA416 has used a distinct installation method of a PE dropper to retrieve Trident loaded payload components using a legitimate PE and a DLL loader file to load a Plug | Unspecified | 2 |
Preview | Source Link | CreatedAt | Title |
---|---|---|---|
ESET | 3 months ago | ||
Checkpoint | 3 months ago | ||
Securityaffairs | 3 months ago | ||
Securityaffairs | 3 months ago | ||
Securelist | 4 months ago | ||
Securityaffairs | 4 months ago | ||
Securityaffairs | 5 months ago | ||
Securityaffairs | 5 months ago | ||
BankInfoSecurity | 6 months ago | ||
Securityaffairs | 6 months ago | ||
DARKReading | 6 months ago | ||
BankInfoSecurity | 7 months ago | ||
Unit42 | 7 months ago | ||
DARKReading | 7 months ago | ||
ESET | 8 months ago | ||
DARKReading | 9 months ago | ||
Trend Micro | 9 months ago | ||
Unit42 | 10 months ago | ||
CERT-EU | 10 months ago | ||
CERT-EU | 10 months ago |