Alias Description | Votes |
---|---|
ShadowPad is a possible alias for PlugX. ShadowPad is a malicious software (malware) that has been in use since at least 2017, particularly among Chinese threat actors. This modular backdoor malware is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data for ransom. It typ | 9 |
Korplug is a possible alias for PlugX. Korplug, also known as PlugX, is a type of malware developed and utilized by the China-aligned Advanced Persistent Threat (APT) group, Mustang Panda. This malicious software is designed to infiltrate computer systems without detection, often through suspicious downloads, emails, or websites. Once in | 6 |
Winnti is a possible alias for PlugX. Winnti, a notorious threat actor group, has been linked to several sophisticated cyber-espionage activities. First identified by Kaspersky in 2013, it is believed that the group has been active since at least 2007, primarily targeting software supply chains to spread malware. Winnti is part of the A | 4 |
Doplugs is a possible alias for PlugX. DOPLUGS is a variant of the PlugX malware, developed and deployed by the China-linked Advanced Persistent Threat (APT) group Mustang Panda. Active since 2022, this unique malware has been used in targeted campaigns against various Asian countries including Taiwan, Vietnam, India, Japan, and China. U | 3 |
Hodur is a possible alias for PlugX. Hodur is a sophisticated malware variant of Korplug (also known as PlugX), often deployed by China-aligned threat actors, such as the Mustang Panda group. The malware is designed to exploit and damage computer systems, typically infiltrating through suspicious downloads, emails, or websites. Once in | 2 |
Paranoid Plugx is a possible alias for PlugX. Paranoid PlugX is a sophisticated malware designed to exploit and damage computer systems, often infiltrating without the user's knowledge. It typically enters a system through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or even | 2 |
Killsomeone is a possible alias for PlugX. KillSomeOne is a highly potent malware that has been integrated with various variants of the PlugX malware, a notorious backdoor Trojan. The first variant of this integration was discovered in 2018, as part of a DOPLUGS variant, which showcased the KillSomeOne module's capabilities. This malware ope | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Black Basta Malware is associated with PlugX. Black Basta is a notorious malware and ransomware group known for its high-profile attacks on various sectors. The group, also known as Storm-0506, has been active since at least early 2022 and has accumulated over $107 million in Bitcoin ransom payments. It deploys malicious software to exploit vul | Unspecified | 3 |
The KEYPLUG Malware is associated with PlugX. KeyPlug is a sophisticated malware developed by APT41, also known as the Chinese RedGolf Group. It's written in C++ and supports multiple network protocols for command and control (C2) traffic, including HTTP, TCP, KCP over UDP, and WSS. The malware was primarily used to target Windows systems, spec | Unspecified | 2 |
The Brute Ratel Malware is associated with PlugX. Brute Ratel is a malicious software (malware) that has been increasingly used by cyber threat actors to exploit and damage computer systems. It is often delivered through suspicious downloads, emails, or websites and can infiltrate systems without the user's knowledge. Once inside, Brute Ratel can s | Unspecified | 2 |
The Meterpreter Malware is associated with PlugX. Meterpreter is a type of malware that is part of the Metasploit penetration testing software. It serves as an attack payload and provides an interactive shell, allowing threat actors to control and execute code on a compromised system. Advanced Persistent Threat (APT) actors have created and used a | Unspecified | 2 |
The Poison Ivy Malware is associated with PlugX. Poison Ivy is a type of malware, or malicious software, designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold d | Unspecified | 2 |
The China Chopper Malware is associated with PlugX. China Chopper is a notorious malware, a harmful program designed to exploit and damage computer systems. It has been primarily used by the threat actor group BRONZE UNION to establish connections to China Chopper web shells on compromised servers, as seen in multiple instances where its code was fou | Unspecified | 2 |
Alias Description | Association Type | Votes |
---|---|---|
The Mustang Panda Threat Actor is associated with PlugX. Mustang Panda, a China-aligned Advanced Persistent Threat (APT) group, has been identified as a significant cyber threat actor involved in a series of malicious activities. Notably, Mustang Panda was found to be associated with the BRONZE PRESIDENT phishing lure, which delivered PlugX and used modif | Unspecified | 5 |
The BRONZE PRESIDENT Threat Actor is associated with PlugX. Bronze President, a Chinese-state-sponsored APT group also known as Mustang Panda, has been identified as a significant threat actor in data theft campaigns. The group has deployed a variety of remote access tools, including Cobalt Strike and RCSession, to steal data from targeted organizations. Bro | Unspecified | 3 |
The RedDelta Threat Actor is associated with PlugX. RedDelta, also known as Bronze President, is a threat actor that has been conducting cyber-espionage attacks since 2014. It is one of the likely Ministry of State Security (MSS)-linked groups which include APT10, APT17, APT27, APT40, APT41, TAG-22, and RedBravo among others. The organization's activ | Unspecified | 3 |
The Redgolf Threat Actor is associated with PlugX. RedGolf, a Chinese state-sponsored threat activity group, has been actively targeting Windows and Linux systems with the KEYPLUG backdoor. This group's activities have been closely associated with other threat groups including APT41, Wicked Panda, Bronze Atlas, and Barium. The first known use of the | Unspecified | 2 |
The Bronze Starlight Threat Actor is associated with PlugX. Bronze Starlight, a Chinese threat actor group, has been linked to various malicious activities in the cybersecurity landscape. The group is known for deploying different types of ransomware payloads, including traditional ransomware schemes such as LockFile and name-and-shame models. Bronze Starlig | Unspecified | 2 |
The APT41 Threat Actor is associated with PlugX. APT41, also known as Winnti, Wicked Panda, and Brass Typhoon, is a threat actor suspected to be linked to China. This group has been active since at least 2012 and has targeted organizations in over 14 countries. They have used a variety of sophisticated techniques and malware, including at least 46 | Unspecified | 2 |
The Mustangpanda Threat Actor is associated with PlugX. MustangPanda is a threat actor, or malicious entity, that has been active since at least 2012. Known for its sophisticated cyber-attacks, MustangPanda has targeted American and European entities including government organizations, think tanks, non-governmental organizations (NGOs), and even Catholic | Unspecified | 2 |
The Lancefly Threat Actor is associated with PlugX. Lancefly, a threat actor potentially associated with China, has been identified as the group behind an ongoing cyberespionage campaign targeting organizations in South and Southeast Asia. The targets include government bodies, aviation companies, educational institutions, and telecommunication secto | Unspecified | 2 |
The APT10 Threat Actor is associated with PlugX. APT10, also known as Menupass Team or menuPass, is a Chinese cyber espionage group that has been active since at least 2006. The group is believed to operate on behalf of the Chinese Ministry of State Security (MSS). It primarily targets sectors such as construction and engineering, aerospace, telec | Unspecified | 2 |
The TA416 Threat Actor is associated with PlugX. TA416 is an advanced persistent threat (APT) group that targets organizations globally with customized versions of the PlugX malware. TA416 has used a distinct installation method of a PE dropper to retrieve Trident loaded payload components using a legitimate PE and a DLL loader file to load a Plug | Unspecified | 2 |
| Preview | Source Link | CreatedAt | Title |
|---|---|---|---|
| | ESET | 21 days ago | |
| | Checkpoint | a month ago | |
| | Securityaffairs | a month ago | |
| | Securityaffairs | a month ago | |
| | Securelist | 2 months ago | |
| | Securityaffairs | 2 months ago | |
| | Securityaffairs | 3 months ago | |
| | Securityaffairs | 3 months ago | |
| | BankInfoSecurity | 4 months ago | |
| | Securityaffairs | 4 months ago | |
| | DARKReading | 4 months ago | |
| | BankInfoSecurity | 5 months ago | |
| | Unit42 | 5 months ago | |
| | DARKReading | 5 months ago | |
| | ESET | 6 months ago | |
| | DARKReading | 7 months ago | |
| | Trend Micro | 7 months ago | |
| | Unit42 | 8 months ago | |
| | CERT-EU | 8 months ago | |
| | CERT-EU | 8 months ago | |