TIPS#11 New PlugX Fingerprint-THOR

Mike Harbison (Unit 42 Threat Intelligence, Palo Alto Networks)

In March this year, a vulnerability in Microsoft Exchange Server caused the Internet to go into patch and protect mode. While monitoring for this vulnerability, Unit 42 researchers observed actors not using the traditional Cobalt Strike implant, but a revised 13-year-old RAT, PlugX.

Mike Harbison

Unit 42 Threat Intelligence, Palo Alto Networks

Mr. Harbison has been a part of the security community for over 17 years, with experience in both the public and private sector, working in cyber threat intelligence and serving as a subject matter expert to multiple US federal agencies. He holds several technical certifications, is a certified forensic examiner, and has a Bachelor of Science degree in computer forensics. Since age 12, Mr. Harbison has been studying code and continues that today as a reverse engineer for Palo Alto Networks' Unit 42. He has a strong curiosity to understand his work at the deepest level, and a desire to bring awareness to the growing threats in cyberspace and educate the public on ways to improve security practices.