Additional Threat Detections
We've added new threat detections to our portfolio, including:
- Private Loader
- PlugX
We’ve also updated indicators for our existing threat detections.
Private Loader
Private Loader is a modular downloader that distributes information stealers, banking Trojans, ransomware, and other loaders. The malware was first seen in 2021 and is still active. It is distributed through malicious links (T1204.001) that advertise cracked software and games. Once the victim downloads and executes the file (T1204.002), the device contacts a dead drop resolver (T1102.001) to obtain the address of its command-and-control server. Private Loader then contacts that server over web protocols (T1071.001) and downloads additional payloads (T1105).
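The behaviour chain above (dead drop resolver lookup followed shortly by an executable download from another host) can be turned into a simple correlation rule over web proxy logs. The script below is an added example and is not code from this page or from global threat alerts; the log format, the DEAD_DROP_HOSTS list and the ten-minute window are assumptions, and the log lines are constructed sample data.

```python
"""Added example: correlate dead-drop-resolver contact (T1102.001) with a
subsequent payload download (T1105) from the same source host.
Assumed (hypothetical) log line format:
    <epoch> <src_ip> <method> <url> <status> <bytes>
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed operator-maintained list of services treated as dead drop resolvers.
DEAD_DROP_HOSTS = {"pastebin.com", "vk.com", "telegra.ph"}
PAYLOAD_SUFFIXES = (".exe", ".dll", ".zip", ".rar")
WINDOW_SECONDS = 600  # assumed: payload fetch must follow the lookup within 10 min

# Constructed sample proxy log (not real traffic).
SAMPLE_LOG = """\
1700000000 10.0.0.5 GET https://pastebin.com/raw/abc123 200 512
1700000030 10.0.0.5 GET http://198.51.100.7/load/payload.exe 200 812345
1700000050 10.0.0.5 GET http://198.51.100.7/load/stealer.dll 200 420000
1700000100 10.0.0.9 GET https://pastebin.com/raw/notes 200 1200
1700005000 10.0.0.9 GET http://203.0.113.4/update.exe 200 90000
1700000200 10.0.0.12 GET http://203.0.113.4/installer.exe 200 70000
"""


def parse(line):
    """Split one log line into the fields the rule needs."""
    ts, src, _method, url, status, _size = line.split()
    return {"ts": int(ts), "src": src, "url": url,
            "host": urlsplit(url).hostname or "", "status": int(status)}


def is_dead_drop(ev):
    """Successful request to a host on the dead-drop list."""
    return ev["host"] in DEAD_DROP_HOSTS and ev["status"] == 200


def is_payload_fetch(ev):
    """Successful download of an executable-looking object from a non-resolver host."""
    path = urlsplit(ev["url"]).path.lower()
    return (ev["status"] == 200 and path.endswith(PAYLOAD_SUFFIXES)
            and ev["host"] not in DEAD_DROP_HOSTS)


def correlate(log_text, window=WINDOW_SECONDS):
    """Return one alert per source host that contacted a dead drop resolver and
    then fetched a payload from a different host within `window` seconds."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse(line)
            by_src[ev["src"]].append(ev)

    alerts = []
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        for i, ev in enumerate(events):
            if not is_dead_drop(ev):
                continue
            payloads = [e["url"] for e in events[i + 1:]
                        if e["ts"] - ev["ts"] <= window and is_payload_fetch(e)]
            if payloads:
                alerts.append({"src": src, "resolver": ev["url"], "payloads": payloads})
                break  # one alert per host is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

On the sample data only 10.0.0.5 is flagged: 10.0.0.9 fetches an executable, but more than ten minutes after its resolver lookup, and 10.0.0.12 never touched a resolver. In production the resolver list and window should be tuned to the environment, and the rule is a triage lead rather than a verdict, since the same services carry legitimate traffic.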
To see if Private Loader has been detected in your environment, click Private Loader Threat Detail to view its details in global threat alerts.
PlugX
PlugX (S0013) is a remote access Trojan often leveraged by Chinese threat actors. It is similar to PoisonIvy (S0012) and has a modular structure. PlugX can hide its components inside the Recycle Bin (T1564.001) of the victim's device and abuses benign, signed software to side-load malicious DLLs (T1574.002). It can copy itself to removable media (T1091) and gains persistence through scheduled tasks (T1053.005).
To see if PlugX has been detected in your environment, click PlugX Threat Detail to view its details in global threat alerts.