
Threat Group Cards: A Threat Actor Encyclopedia

Tool: Poison Ivy

Names: Poison Ivy, pivy, poisonivy, Gen:Trojan.Heur.PT, Darkmoon, Chymine, Breut
Category: Malware
Type: Reconnaissance, Backdoor, Info stealer, Credential stealer, Exfiltration
Description: Poison Ivy is a popular remote access tool (RAT) that has been used by many groups.
Information:
<https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf>
<https://www.fortinet.com/blog/threat-research/deep-analysis-of-new-poison-ivy-variant.html>
<https://blog.fortinet.com/2017/09/15/deep-analysis-of-new-poison-ivy-plugx-variant-part-ii>
<http://contagiodump.blogspot.com/2010/01/jan-17-trojan-darkmoonb-exe-haiti.html>
<https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/analysing-a-recent-poison-ivy-sample/>
<https://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/>
<https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html>
<https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html>
<https://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-attributed-apt-group-th3bug-using-poison-ivy/>
<http://blogs.360.cn/post/APT_C_01_en.html>
<https://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/>
MITRE ATT&CK: <https://attack.mitre.org/software/S0012/>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.poison_ivy>
<https://malpedia.caad.fkie.fraunhofer.de/details/win.darkmoon>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:Poison%20Ivy>

Last change to this tool card: 26 May 2020


All groups using tool Poison Ivy

Changed | Name                                          | Country | Observed
--------|-----------------------------------------------|---------|------------------
APT groups
        | Anchor Panda, APT 14                          | China   | 2012
        | APT 6                                         | China   | 2011
        | APT 17, Deputy Dog, Elderwood, Sneaky Panda   | China   | 2009-Sep 2017
        | APT 20, Violin Panda                          | China   | 2014-2017
        | Axiom, Group 72                               | China   | 2008-2008/2014
        | Bookworm                                      | China   | 2015
X       | Comment Crew, APT 1                           | China   | 2006-May 2018
        | DragonOK                                      | China   | 2015-Jan 2017
        | Dust Storm                                    | China   | 2010
        | Gallium                                       | China   | 2018
        | IronHusky                                     | China   | 2017
        | Moafee                                        | China   | 2014
        | Molerats, Extreme Jackal, Gaza Cybergang      | [Gaza]  | 2012-Apr 2021
        | Mustang Panda, Bronze President               | China   | 2014-Mar 2020
        | Nightshade Panda, APT 9, Group 27             | China   | 2013-Sep 2016
        | Nitro, Covert Grove                           | China   | 2011-Jul 2014
        | PittyTiger, Pitty Panda                       | China   | 2011-2014
        | PKPLUG                                        | China   | 2016-Mar 2021
        | RedDelta                                      | China   | 2020-Mar 2021
        | RedFoxtrot                                    | China   | 2014
        | Siesta                                        | China   | 2014
X       | Stone Panda, APT 10, menuPass                 | China   | 2006-Feb 2021
        | TA428                                         | China   | 2013-May 2021
        | Temper Panda, admin@338                       | China   | 2014
        | Tropic Trooper, Pirate Panda, APT 23, KeyBoy  | China   | 2011-Apr 2020

25 groups listed (25 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
