What We Do
How We Do
Get Started
Incident report

Proof of Concept Reveals PlugX Trojan Intrusion of 6+ Years

eSentire was conducting a proof of concept (POC) with a potential customer. We installed an MDR for Network sensor, which immediately triggered an alert in our Security Operations Center (SOC) for a Command and Control check in for a PlugX trojan. Based on this, eSentire received permission from the customer to install an MDR for Endpoint sensor on the machine that triggered the alert of a PlugX trojan, a remote access tool (RAT) that uses modular plugins. It is a common tool used by multiple cyber threat groups because it is complex and often evades typical cybersecurity measures.

Investigation revealed that legitimate antivirus (AV) software had been used to install the malicious trojan without being detected by the AV, through a technique called dll hijacking. The trojan had a lot of complexity and encryption, so that it did not appear malicious. It included a “do not execute until 2013” time code, revealing that the machine had been infected for several years.

Read this incident report to find out how eSentire isolated, investigated and removed the longstanding cyber threat in less than two weeks.

Get The Incident report