Threats Tagged 'rc4-encryption'
View all threats tagged with 'rc4-encryption'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'rc4-encryption'
Click on any threat for detailed analysis and mitigation recommendations
The Latest PlugX Variant Executed by STATICPLUGIN 0 In January 2026, a new variant of the PlugX malware was observed being used in targeted attacks. Analysis suggests involvement of the UNC6384 APT group, linked to Mustang Panda, targeting government agencies in Southeast Asia. The malware uses a browser updater disguise to download and execute a malicious MSI file, leading to PlugX infection. The STATICPLUGIN downloader uses a revoked code-signing certificate from a Chinese company. The PlugX variant employs DLL sideloading and shellcode execution techniques. Its configuration is encrypted using RC4 and custom encoding. C2 servers were identified as fruitbrat[.]com and 108.165.255[.]97:443. The ongoing improvements to PlugX indicate its continued use in targeted attacks by APT groups. Join the discussion | AlienVault OTX General | 02/25/2026, 11:36:09 UTC Added: 02/25/2026, 11:55:36 UTC |
Showing 1 to 1 of 1 result