ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool Poison Ivy

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Poison Ivy

NamesPoison Ivy
pivy
poisonivy
Gen:Trojan.Heur.PT
Darkmoon
Chymine
Breut
CategoryMalware
TypeReconnaissance, Backdoor, Info stealer, Credential stealer, Exfiltration
DescriptionPoison Ivy is a popular remote access tool (RAT) that has been used by many groups.
Information<https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf>
<https://www.fortinet.com/blog/threat-research/deep-analysis-of-new-poison-ivy-variant.html>
<https://blog.fortinet.com/2017/09/15/deep-analysis-of-new-poison-ivy-plugx-variant-part-ii>
<http://contagiodump.blogspot.com/2010/01/jan-17-trojan-darkmoonb-exe-haiti.html>
<https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/analysing-a-recent-poison-ivy-sample/>
<https://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/>
<https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html>
<https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html>
<https://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-attributed-apt-group-th3bug-using-poison-ivy/>
<http://blogs.360.cn/post/APT_C_01_en.html>
<https://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/>
MITRE ATT&CK<https://attack.mitre.org/software/S0012/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.poison_ivy>
<https://malpedia.caad.fkie.fraunhofer.de/details/win.darkmoon>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:Poison%20Ivy>

Last change to this tool card: 26 May 2020

Download this tool card in JSON format

All groups using tool Poison Ivy

ChangedNameCountryObserved

APT groups

 Anchor Panda, APT 14China2012 
 APT 6China2011 
 APT 17, Deputy Dog, Elderwood, Sneaky PandaChina2009-Sep 2017 
 APT 20, Violin PandaChina2014-2017 
 Axiom, Group 72China2008-2008/2014 
 BookwormChina2015 
 Comment Crew, APT 1China2006-May 2018X
 DragonOKChina2015-Jan 2017 
 Dust StormChina2010 
 GalliumChina2018 
 IronHuskyChina2017 
 MoafeeChina2014 
 Molerats, Extreme Jackal, Gaza Cybergang[Gaza]2012-Apr 2021 
 Mustang Panda, Bronze PresidentChina2014-Mar 2020 
 Nightshade Panda, APT 9, Group 27China2013-Sep 2016 
 Nitro, Covert GroveChina2011-Jul 2014 
 PittyTiger, Pitty PandaChina2011-2014 
 PKPLUGChina2016-Mar 2021 
 RedDeltaChina2020-Mar 2021 
 RedFoxtrotChina2014 
 SiestaChina2014 
 Stone Panda, APT 10, menuPassChina2006-Feb 2021X
 TA428China2013-May 2021 
 Temper Panda, admin@338China2014 
 Tropic Trooper, Pirate Panda, APT 23, KeyBoyChina2011-Apr 2020 

25 groups listed (25 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents
Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key