Statements (52)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
Remote Access Trojan
|
| gptkbp:abilities |
gptkb:remote_control
Command execution Keylogging Persistence Screen capture DLL side-loading File exfiltration Process manipulation |
| gptkbp:alsoKnownAs |
gptkb:Korplug
|
| gptkbp:C2Communication |
gptkb:HTTP
gptkb:TCP gptkb:UDP HTTPS |
| gptkbp:category |
malware
Cyber espionage tool |
| gptkbp:detects |
Antivirus software
Endpoint detection and response |
| gptkbp:discoveredBy |
2008
|
| https://www.w3.org/2000/01/rdf-schema#label |
PlugX
|
| gptkbp:operatingSystem |
gptkb:Windows
|
| gptkbp:origin |
gptkb:China
|
| gptkbp:programmingLanguage |
gptkb:C++
|
| gptkbp:signature |
Command and control communication
Customizable plugins DLL side-loading Encrypted configuration Persistence via registry |
| gptkbp:spreadTo |
Malicious attachments
Phishing emails Supply chain attacks Watering hole attacks |
| gptkbp:target |
gptkb:NGOs
Telecommunications Energy sector Private companies Military organizations Government organizations |
| gptkbp:usedBy |
gptkb:APT3
gptkb:GALLIUM gptkb:Mustang_Panda gptkb:APT10 gptkb:APT27 gptkb:Naikon cathedral |
| gptkbp:usesMalware |
gptkb:QuasarRAT
gptkb:ShadowPad gptkb:Poison_Ivy gptkb:Backdoor Modular |
| gptkbp:bfsParent |
gptkb:APT46
|
| gptkbp:bfsLayer |
6
|