ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > List all tools > List all groups using tool MPKBot

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: MPKBot

TypeBackdoor, Info stealer
Description(Palo Alto) We also found a second IRC bot called MPK using the same IP for its C2 server that a Leash sample was hosted on. This MPK IRC bot is very similar to the MPK Trojan that used a custom C2 communications protocol, as detailed in a whitepaper by CheckPoint regarding a threat group called Rocket Kitten. We believe this version of the MPK Trojan is based on the same code base, as both the IRC version and the one referenced in the white paper have considerable similarities from a behavior standpoint as well as direct code overlap.
AlienVault OTX<>

Last change to this tool card: 14 May 2020

Download this tool card in JSON format

All groups using tool MPKBot


APT groups

 Cutting Kitten, TG-2889Iran2012-Mar 2016X
XMagic Hound, APT 35, Cobalt Illusion, Charming KittenIran2012-Sep 2022 HOTX

2 groups listed (2 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]