Palo Alto Networks

KBLogger

Bookworm Trojan: A Model of Modular Architecture

Recently, while researching attacks on targets in Thailand, Unit 42 discovered a tool that initially appeared to be a variant of the well-known PlugX RAT based on similar observed behavior such as the usage of DLL side-loading and a shellcode file. After closer inspection, it appears to be a completely distinct Trojan, which we have dubbed Bookworm and track in Autofocus using the tag Bookworm.

Bookworm’s functional code is radically different from PlugX and has a rather unique modular archite...

Malware
Threat Prevention
Unit 42
Nov 10, 2015
By , and

Palo Alto Networks

Announcements
Company & Culture
Points of View
Public Sector
Products and Services
Partners

Subscribe to Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.

Get the latest news, invites to events, and threat alerts

Popular Resources

Legal Notices

Popular Links