PlugX & QuasarRat still in the game
The investigation started with the discovery of a new iteration of the PlugX implant, which was created around November 2018 and uploaded to file-scanning services, together with similar malware, in early January 2019.
Pivoting on the IP address of the suspected C2 server led to the discovery of additional malware samples: QuasarRat and one family that had not yet been identified at the time. Analysis of those files revealed that the implants were designed as information-gathering tools and included functionality for capturing credentials for network-based logons.
Download the whitepaper to learn about the recommendations from the Atos Threat Intelligence team.