ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool MPKBot

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: MPKBot

NamesMPKBot
MPK
CategoryMalware
TypeBackdoor, Info stealer
Description(Palo Alto) We also found a second IRC bot called MPK using the same IP for its C2 server that a Leash sample was hosted on. This MPK IRC bot is very similar to the MPK Trojan that used a custom C2 communications protocol, as detailed in a whitepaper by CheckPoint regarding a threat group called Rocket Kitten. We believe this version of the MPK Trojan is based on the same code base, as both the IRC version and the one referenced in the white paper have considerable similarities from a behavior standpoint as well as direct code overlap.
Information<https://unit42.paloaltonetworks.com/unit42-magic-hound-campaign-attacks-saudi-targets/>
<https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.mpkbot>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:MPKBot>

Last change to this tool card: 14 May 2020

Download this tool card in JSON format

Previous: MOVEit Freely
Next: MS Exchange Tool

All groups using tool MPKBot

ChangedNameCountryObserved

APT groups

 Cutting Kitten, TG-2889Iran2012-Mar 2016X
 Magic Hound, APT 35, Cobalt Gypsy, Charming KittenIran2013-Dec 2020 HOTX

2 groups listed (2 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key