Apr 13 · 7 min read · Originally published on satyamrastogi.com Analysis of PlugX RAT distribution through counterfeit Claude website. Exploitation chain combines DLL sideloading with supply chain targeting. Attack methodology, detection evasion, and hardening strategies...
Join discussion
Mar 14, 2025 · 7 min read · I. Overview II. Analysis 1. Locate suspicious files Use msitool to extract msidump -s -t mal.msi. In File.idt, we can see that there are 3 embed file. These files are extracted to %LOCALAPPDATA\kjnBsLsJo\ 2024Contact.exe security.dll contactDB.dat ...
Join discussionJan 20, 2025 · 4 min read · Summary Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024. "The group used lure documents themed arou...
Join discussion
