Statements (52)
Predicate | Object |
---|---|
gptkbp:instanceOf | Remote Access Trojan |
gptkbp:abilities | gptkb:remote_control, Command execution, Keylogging, Persistence, Screen capture, DLL side-loading, File exfiltration, Process manipulation |
gptkbp:alsoKnownAs | gptkb:Korplug |
gptkbp:C2Communication | gptkb:HTTP, gptkb:TCP, gptkb:UDP, HTTPS |
gptkbp:category | malware, Cyber espionage tool |
gptkbp:detects | Antivirus software, Endpoint detection and response |
gptkbp:discoveredBy | 2008 |
https://www.w3.org/2000/01/rdf-schema#label | PlugX |
gptkbp:operatingSystem | gptkb:Windows |
gptkbp:origin | gptkb:China |
gptkbp:programmingLanguage | gptkb:C++ |
gptkbp:signature | Command and control communication, Customizable plugins, DLL side-loading, Encrypted configuration, Persistence via registry |
gptkbp:spreadTo | Malicious attachments, Phishing emails, Supply chain attacks, Watering hole attacks |
gptkbp:target | gptkb:NGOs, Telecommunications, Energy sector, Private companies, Military organizations, Government organizations |
gptkbp:usedBy | gptkb:APT3, gptkb:GALLIUM, gptkb:Mustang_Panda, gptkb:APT10, gptkb:APT27, gptkb:Naikon, cathedral |
gptkbp:usesMalware | gptkb:QuasarRAT, gptkb:ShadowPad, gptkb:Poison_Ivy, gptkb:Backdoor, Modular |
gptkbp:bfsParent | gptkb:APT46 |
gptkbp:bfsLayer | 6 |