Last year, we reported about PlugX a breed of Remote Access Trojan (RAT) used in certain high-profile APT campaigns. We also noted some of its noteworthy techniques, which include its capability to hide its malicious codes by decrypting and loading a backdoor “executable file” directly into memory, without the need to drop the actual “executable […]
We’re currently investigating several file infectors that have affected several countries, particularly Australia. Trend Micro detects these as PE_XPAJ.C, PE_XPAJ.C-1, PE_XPAJ.C-2, and PE_XPAJ.C-O.Based on our initial analysis, these PE_XPAJ variants connect to the following C&C servers to send and receive information: {BLOCKED}.{BLOCKED}.162.208:35516 {BLOCKED}.{BLOCKED}.152.218:35516 {BLOCKED}.{BLOCKED}.71.249:35516 {BLOCKED}.{BLOCKED}.60.108:35516 {BLOCKED}.{BLOCKED}.123.153:35516 {BLOCKED}.{BLOCKED}.132.25:35516 {BLOCKED}.{BLOCKED}.16.5:389 {BLOCKED}.{BLOCKED}.0.1:1056 {BLOCKED}.{BLOCKED}.16.9 {BLOCKED}.{BLOCKED}.16.10 {BLOCKED}.{BLOCKED}.183.224:35516 {BLOCKED}.{BLOCKED}.0.1:1070 {BLOCKED}.{BLOCKED}.16.12:389 {BLOCKED}.{BLOCKED}.4.250:80 […]
Latest Comments