New Korplug Variant Discovered

The Korplug RAT (also known as PlugX) is a spyware that has previously been associated with Chinese APT organizations and has been linked to targeted assaults on significant institutions in a number of different countries.

The RAT functionality of the variation utilized in the most recent campaign is mostly consistent with the RAT feature of prior Korplug variants.

Hodur has a few more commands and properties and as a result, it may gather vast system information while also running commands and reading and writing arbitrary files, as well as launching remote cmd[.]exe sessions.

What Happened?

An ongoing cyberespionage effort using a previously undisclosed variation of the PlugX remote access tool (RAT) has been detected. The new PlugX version was given the name Hodur by ESET researchers because it resembled another PlugX variation known as THOR.

ESET Research discovered a still-ongoing cyberespionage campaign using a previously undocumented Korplug variant by the Mustang Panda APT group. This is the third time in as many weeks that ESET researchers have spotted previously unknown data wiping malware taking aim at Ukrainian organizations.

The current campaign exploits the war in Ukraine and other European news topics. Known victims include research entities, internet service providers (ISPs), and European diplomatic

Read More: