Blog | G5 Cyber Security

Chinese Hackers Implant PlugX Variant on Compromised MS Exchange Servers

Palo Alto Networks’ Unit 42 threat intelligence team says it identified a new version of the modular PlugX malware, called THOR, that was delivered as a post-exploitation tool to one of the breached servers. The latest sample of PlugX comes equipped with a variety of plug-ins that “provide attackers various capabilities to monitor, update and interact with the compromised system to fulfil their objectives,” the researchers said. The earliest THOR sample uncovered dates from August 2019 and is the earliest known instance of the rebranded code.

Source: https://thehackernews.com/2021/07/chinese-hackers-implant-plugx-variant.html
