81 results in Threat Encyclopedia: “BKDR_PLUGX”
Showing Results : 1 - 10
...files: %All Users Profile%\DRM\DSSM\DSSM.exe; %All Users Profile%\DRM\DSSM\MSO.dll - detected as BKDR_PLUGX.DUKLS; %All Users Profile%\DRM\DSSM\{random} (Note: %All Users Profile% is the All Users folder, where...
...a user's keystrokes to steal information. Arrival Details: This backdoor may be dropped by the following malware: BKDR_PLUGX.SME. Installation: This backdoor drops the following files: All Users' %User Profile%\Gf\boot.ldr - detected...
...doc; %Application Data%\{random letter}{random digits}{random letter}\mpsvc.dll - also detected as BKDR_PLUGX.TOK (Note: %Application Data% is the current user's Application Data folder, which is usually C:\Documents...
...CommFunc.dll - detected as BKDR_PLUGX.DO; %User Temp%\CommFunc.jax - detected as BKDR_PLUGX.DO; %All Users Profile%\Camera...Camera\CommFunc.dll - detected as BKDR_PLUGX.DO; %All Users Profile%\Camera...
...Profile%\DRM\EPWING\McUtil.dll - detected also as BKDR_PLUGX.GEL; %All Users Profile%\DRM\EPWING\McUtil.dll.ping - detected also as BKDR_PLUGX.GEL; %All Users Profile%\DRM\EPWING\{random...
...following files: %User Temp%\tmp2B.tmp - detected as BKDR_PLUGX.ZTBL-EC, executable image, will be deleted; %User...and deleted; %User Temp%\tmp2D.tmp - detected as BKDR_PLUGX.ZTBL-EC, dll image, will be deleted; %Application...
...Temp%\RarSFX0\NvSmartMax.dll - also detected as BKDR_PLUGX.CA; %User Temp%\RarSFX0\Nv.exe; %System...System%\NvSmartMax.dll - (hidden) also detected as BKDR_PLUGX.CA; %System%\Nv.exe - (hidden) (Note: %User...
...Temp%\RarSFX0\NvSmartMax.dll - also detected as BKDR_PLUGX.BT; %User Temp%\RarSFX0\Nv.exe - deleted afterwards...Profile%\SxS\NvSmartMax.dll - also detected as BKDR_PLUGX.BT; %All Users Profile%\SxS\Nv.exe; %All Users...
This backdoor arrives on a system as a file dropped by other malware or as a file that users unknowingly download when visiting malicious sites.
This malware is a remote access tool (RAT) known as PlugX. It is one of the most common pieces of malware used in carrying out targeted attacks. The targeted attacks it has been involved in are mostly directed at government institutions in Japan.