Remote Access Trojan
PlugX
First seen: 2008-01 • Status: active
Currently Active Threat
PlugX is a Chinese hacking tool used for spying. It has been around for 15+ years and is still actively used today.
Overview
PlugX is a modular RAT widely used by Chinese APT groups. It has been used in espionage campaigns for over 15 years.
Also Known As
Korplug, Destroy RAT
How It Spreads
- Spear-phishing
- DLL side-loading
- Watering holes
What It Does
- Remote access
- File theft
- Keylogging
- Screen capture
Target Platforms
Windows
Detection Tips
- Monitor for DLL side-loading
- Watch for PlugX C2 patterns
MITRE ATT&CK Techniques
T1574, T1056, T1005
If You're Infected
1. Engage nation-state incident response
2. Audit for Chinese APT activity