Names | MPKBot MPK | |
Category | Malware | |
Type | Backdoor, Info stealer | |
Description | (Palo Alto) We also found a second IRC bot called MPK using the same IP for its C2 server that a Leash sample was hosted on. This MPK IRC bot is very similar to the MPK Trojan that used a custom C2 communications protocol, as detailed in a whitepaper by CheckPoint regarding a threat group called Rocket Kitten. We believe this version of the MPK Trojan is based on the same code base, as both the IRC version and the one referenced in the white paper have considerable similarities from a behavior standpoint as well as direct code overlap. | |
Information | <https://unit42.paloaltonetworks.com/unit42-magic-hound-campaign-attacks-saudi-targets/> <https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf> | |
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.mpkbot> | |
AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:MPKBot> |
Last change to this tool card: 14 May 2020
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
APT groups | |||||
Cutting Kitten, TG-2889 | 2012-Mar 2016 | ||||
Magic Hound, APT 35, Cobalt Illusion, Charming Kitten | 2012-Aug 2024 |
2 groups listed (2 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |