ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool Poison Ivy

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Poison Ivy

NamesPoison Ivy
pivy
poisonivy
Gen:Trojan.Heur.PT
Darkmoon
Chymine
Breut
CategoryMalware
TypeReconnaissance, Backdoor, Info stealer, Credential stealer, Exfiltration
DescriptionPoison Ivy is a popular remote access tool (RAT) that has been used by many groups.
Information<https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf>
<https://www.fortinet.com/blog/threat-research/deep-analysis-of-new-poison-ivy-variant.html>
<https://blog.fortinet.com/2017/09/15/deep-analysis-of-new-poison-ivy-plugx-variant-part-ii>
<http://contagiodump.blogspot.com/2010/01/jan-17-trojan-darkmoonb-exe-haiti.html>
<https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/analysing-a-recent-poison-ivy-sample/>
<https://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/>
<https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html>
<https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html>
<https://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-attributed-apt-group-th3bug-using-poison-ivy/>
<http://blogs.360.cn/post/APT_C_01_en.html>
<https://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/>
MITRE ATT&CK<https://attack.mitre.org/software/S0012/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.poison_ivy>
<https://malpedia.caad.fkie.fraunhofer.de/details/win.darkmoon>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:Poison%20Ivy>

Last change to this tool card: 26 May 2020

Download this tool card in JSON format

All groups using tool Poison Ivy

ChangedNameCountryObserved

APT groups

 Anchor Panda, APT 14China2012 
 APT 6China2011 
 APT 17, Deputy Dog, Elderwood, Sneaky PandaChina2009-Sep 2017 
 APT 20, Violin PandaChina2014-2017 
 Axiom, Group 72China2008-2008/2014 
 BookwormChina2015 
 Comment Crew, APT 1China2006-May 2018X
 DragonOKChina2015-Jan 2017 
 Dust StormChina2010 
 GalliumChina2018 
 IronHuskyChina2017 
 MoafeeChina2014 
XMolerats, Extreme Jackal, Gaza Cybergang[Gaza]2012-Apr 2021 HOT 
 Mustang Panda, Bronze PresidentChina2014-Mar 2020 
 Nightshade Panda, APT 9, Group 27China2013-Sep 2016 
 Nitro, Covert GroveChina2011-Jul 2014 
 PittyTiger, Pitty PandaChina2011-2014 
 PKPLUGChina2016 
XRedDeltaChina2020-Mar 2021 HOT 
 SiestaChina2014 
XStone Panda, APT 10, menuPassChina2006-Feb 2021 HOTX
XTA428China2019-Dec 2020 
 Temper Panda, admin@338China2014 
XTropic Trooper, Pirate Panda, APT 23, KeyBoyChina2011-Apr 2020 

24 groups listed (24 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents
Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key