PlugX

GPTKB entity

Statements (52)
Predicate                                     Object
gptkbp:instanceOf                             Remote Access Trojan
gptkbp:abilities                              gptkb:remote_control
                                              Command execution
                                              Keylogging
                                              Persistence
                                              Screen capture
                                              DLL side-loading
                                              File exfiltration
                                              Process manipulation
gptkbp:alsoKnownAs                            gptkb:Korplug
gptkbp:C2Communication                        gptkb:HTTP
                                              gptkb:TCP
                                              gptkb:UDP
                                              HTTPS
gptkbp:category                               malware
                                              Cyber espionage tool
gptkbp:detects                                Antivirus software
                                              Endpoint detection and response
gptkbp:discoveredBy                           2008
https://www.w3.org/2000/01/rdf-schema#label   PlugX
gptkbp:operatingSystem                        gptkb:Windows
gptkbp:origin                                 gptkb:China
gptkbp:programmingLanguage                    gptkb:C++
gptkbp:signature                              Command and control communication
                                              Customizable plugins
                                              DLL side-loading
                                              Encrypted configuration
                                              Persistence via registry
gptkbp:spreadTo                               Malicious attachments
                                              Phishing emails
                                              Supply chain attacks
                                              Watering hole attacks
gptkbp:target                                 gptkb:NGOs
                                              Telecommunications
                                              Energy sector
                                              Private companies
                                              Military organizations
                                              Government organizations
gptkbp:usedBy                                 gptkb:APT3
                                              gptkb:GALLIUM
                                              gptkb:Mustang_Panda
                                              gptkb:APT10
                                              gptkb:APT27
                                              gptkb:Naikon
                                              cathedral
gptkbp:usesMalware                            gptkb:QuasarRAT
                                              gptkb:ShadowPad
                                              gptkb:Poison_Ivy
                                              gptkb:Backdoor
                                              Modular
gptkbp:bfsParent                              gptkb:APT46
gptkbp:bfsLayer                               6