Chinese APT RedDelta spotted with potentially updated/new version of PlugX RAT

released on 2020-12-04 @ 09:10:55 PM
Malware researcher @XOR_Hex has identified a possibly new or updated PlugX RAT potentially linked to the Chinese APT group RedDelta. This version of the PlugX RAT config file contains a value of "mfa-mmrs", which is inserted into the text storing the machine's fingerprint. Additionally, this version of PlugX RAT decrypts its .dat file with a 17-byte key versus a 10-byte key.