| Property | Value |
|---|---|
| gptkbp:instanceOf | gptkb:Remote_Access_Trojan |
| gptkbp:abilities | gptkb:remote_control, Command execution, Keylogging, Persistence, Screen capture, DLL side-loading, File exfiltration, Process manipulation |
| gptkbp:alsoKnownAs | gptkb:Korplug |
| gptkbp:C2Communication | gptkb:HTTP, gptkb:TCP, gptkb:UDP, HTTPS |
| gptkbp:category | gptkb:malware, Cyber espionage tool |
| gptkbp:detects | Antivirus software, Endpoint detection and response |
| gptkbp:discoveredBy | 2008 |
| gptkbp:operatingSystem | gptkb:Windows |
| gptkbp:origin | gptkb:China |
| gptkbp:programmingLanguage | gptkb:C++ |
| gptkbp:signature | Command and control communication, Customizable plugins, DLL side-loading, Encrypted configuration, Persistence via registry |
| gptkbp:spreadTo | Malicious attachments, Phishing emails, Supply chain attacks, Watering hole attacks |
| gptkbp:target | gptkb:NGOs, Telecommunications, Energy sector, Private companies, Military organizations, Government organizations |
| gptkbp:usedBy | gptkb:APT3, gptkb:GALLIUM, gptkb:Mustang_Panda, gptkb:cathedral, gptkb:APT10, gptkb:APT27, gptkb:Naikon |
| gptkbp:usesMalware | gptkb:QuasarRAT, gptkb:ShadowPad, gptkb:Poison_Ivy, gptkb:Backdoor, Modular |
| gptkbp:bfsParent | gptkb:APT46 |
| gptkbp:bfsLayer | 6 |
| https://www.w3.org/2000/01/rdf-schema#label | PlugX |