The AlienVault Blogs: Taking On Today’s Threats
Tag: Plugx

Posted in Labs Blog

Yesterday FireEye reported a new zero-day affecting Adobe Flash that is being exploited in the wild, and Adobe issued a security update regarding the vulnerability. Several websites were redirecting visitors to a malicious server containing the exploit, including the Peterson Institute for International Economics, the American Research Center in Egypt, and the Smith Richardson Foundation, as reported by FireEye. The malicious Flash… Read more

Tags: plugx, 0day, internet explorer, zeroday, office, flash, aslr

Posted in Labs Blog

As we related in our previous blog post, the latest Internet Explorer ZeroDay is being used to target specific sectors including the Defence and Industrial ones. Following our investigations on the servers found serving the Internet Explorer Zeroday and using OSINT, we were able to use the WHOIS mail address and the IP addresses used by the attackers to find… Read more

Posted in: Attacks, Malware, Exploits, Snort, APT
Tags: plugx, 0day, internet explorer, defence, ics

Posted in Labs Blog

Some hours ago my friend PhysicalDrive0 pointed me to a new version of Moh2010.swf that was found in the wild as part of some content exploiting the last Internet Explorer Zeroday. The exploit code was being served on www.nod32XX.com hosted on: The exploit scheme is the same one, the original vector is hosted under /Exploit.html.… Read more

Posted in: Attacks, Exploits, APT
Tags: plugx, internet explorer, zeroday, flowershow, whg

Posted in Labs Blog

Some days ago, TrendMicro published some information about a new version of a RAT called PlugX. For the last few months we have been tracking a group using the PlugX RAT that has been attacking different targets, especially in Japan, Taiwan, Korea and against Tibetan organizations and individuals. In this post we will focus on the intelligence we have extracted… Read more

Posted in: News, Attacks, APT
Tags: apt, plugx, rat, thoper, sogu, tvt