92 matches found
Stack overflow in PlugX RAT - vulnerability warning - the black bar safety net
At Black Hat USA 2017, @professorplum shared flaws present in a few rare RATs (Xtreme, PlugX and Gh0st); these flaws can be used to attack the C&C server in return. Here the PlugX RAT is taken as the example to explain the flaw. 1. Flaw analysis 1.1 Delphi ! Plug...
PlugX Controller Stack Buffer Overflow
This module exploits a stack buffer overflow in the PlugX Controller C2 server. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' class MetasploitModule 'PlugX Controller Stack Buffer Overflow',...
APT Threat Targets Tibetans, Journalists and Human Rights Workers
Tibetans, journalists and human rights workers in Hong Kong and Taiwan have been targeted in an APT campaign that makes use of Microsoft Rich Text File (RTF) documents to compromise computers. Researchers say it’s a new strategy by attackers in an ongoing advanced persistent threat that dates back ...
ASERT Threat Intelligence Report 2015-05 PlugX Threat Activity in Myanmar - vulnerability warning - the black bar safety net
0x01 Summary Myanmar is a country currently engaged in important political activity. The democratic reforms of 2011 are helping the government create an atmosphere conducive to attracting investors. The country is rich in resources, has a variety of natural resources and stable...
Researchers: PlugX More Prominent Than Ever
Existing in some form since 2008, the popular remote access tool PlugX has as notorious a history as any malware, but according to researchers the tool saw a spike of popularity in 2014 and is the go-to malware for many adversary groups. Many attacks, especially those occurring during the latter...
Threat Outbreak Alert: Fake Software Offer Email Messages on March 3, 2014
Medium Alert ID: 33167 First Published: 2014 March 4 21:09 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an attachment for the recipient. The text in the email message attempts to convince the recipient to open the...
IE Zero-Day Watering Hole Attack Expands to Handful of Political Sites
The scope of watering hole attacks utilizing a previously unreported vulnerability in Internet Explorer has widened to as many as four new sites, all of them with politically charged leanings. The attacks further demonstrate the effectiveness of watering hole attacks compared to phishing attacks...
New Mac Malware 'Dockster' Found on Dalai Lama site
A new trojan horse app called Dockster is targeting Mac users by exploiting a known Java vulnerability (CVE-2012-0507). The trojan is apparently being delivered through a website (gyalwarinpoche.com) dedicated to the Dalai Lama and once installed can collect user keystrokes and other personal...
PlugX is Becoming Mature
By Dmitry Tarakanov Recently, a new Remote Administration Tool has been discovered that started appearing here and there in targeted attacks. This tool is “PlugX”. Researchers have even tracked someone suspected of creating that malware – one of the members of the Chinese hacking group NCPH, whic...
Microsoft Will Patch IE Zero-Day on Friday; Fixit Available as Stopgap
Microsoft announced last night it would issue an out-of-band patch on Friday for a zero-day Internet Explorer vulnerability disclosed earlier this week. In the meantime, Microsoft made a FixIt available on Wednesday that would temporarily mitigate the threat posed by active exploits found in the...
Researcher Finds Three New Exploits Targeting Latest IE Zero-Day
A researcher at AlienVault has discovered three new servers delivering exploits targeting the latest zero-day vulnerability in Internet Explorer. Jaime Blasco, AlienVault Labs manager, said one of the servers is delivering a new malware payload, and all of them appear to be targeting defense...
Plugx RAT targeting government organizations in Japan using spear phishing
Roland Dela Paz, Threat Researcher at Trend Micro, reported that a malware campaign that last year targeted specific users in Japan, China, and Taiwan is once again on the rise, using a new breed of Remote Access Tool (RAT) called PlugX, also known as Korplug. This new custom made version comes for less recognition...