ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

Tool: Poison Ivy

Names: Poison Ivy, pivy, poisonivy, Gen:Trojan.Heur.PT, Darkmoon, Chymine, Breut
Category: Malware
Type: Reconnaissance, Backdoor, Info stealer, Credential stealer, Exfiltration
Description: Poison Ivy is a popular remote access tool (RAT) that has been used by many groups.
Information:
<https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf>
<https://www.fortinet.com/blog/threat-research/deep-analysis-of-new-poison-ivy-variant.html>
<https://blog.fortinet.com/2017/09/15/deep-analysis-of-new-poison-ivy-plugx-variant-part-ii>
<http://contagiodump.blogspot.com/2010/01/jan-17-trojan-darkmoonb-exe-haiti.html>
<https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/analysing-a-recent-poison-ivy-sample/>
<https://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/>
<https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html>
<https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html>
<https://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-attributed-apt-group-th3bug-using-poison-ivy/>
<http://blogs.360.cn/post/APT_C_01_en.html>
<https://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/>
MITRE ATT&CK: <https://attack.mitre.org/software/S0012/>
Malpedia:
<https://malpedia.caad.fkie.fraunhofer.de/details/win.poison_ivy>
<https://malpedia.caad.fkie.fraunhofer.de/details/win.darkmoon>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:Poison%20Ivy>

Last change to this tool card: 26 May 2020


All groups using tool Poison Ivy

APT groups

Changed | Name                                          | Country | Observed
--------|-----------------------------------------------|---------|--------------------
        | Anchor Panda, APT 14                          | China   | 2012
        | APT 6                                         | China   | 2011
        | APT 17, Deputy Dog, Elderwood, Sneaky Panda   | China   | 2009-Sep 2017
        | APT 20, Violin Panda                          | China   | 2014-2017
        | Axiom, Group 72                               | China   | 2008-2008/2014
        | Bookworm                                      | China   | 2015
        | Comment Crew, APT 1                           | China   | 2006-May 2018 X
        | DragonOK                                      | China   | 2015-Jan 2017
        | Dust Storm                                    | China   | 2010
        | Gallium                                       | China   | 2018-Jun 2022 HOT
        | IronHusky                                     | China   | 2017-Aug 2021
        | Moafee                                        | China   | 2014
        | Molerats, Extreme Jackal, Gaza Cybergang      | [Gaza]  | 2012-Nov 2021
X       | Mustang Panda, Bronze President               | China   | 2014-Jun 2022 HOT
        | Nightshade Panda, APT 9, Group 27             | China   | 2013-Sep 2016
        | Nitro, Covert Grove                           | China   | 2011-Jul 2014
        | PittyTiger, Pitty Panda                       | China   | 2011-2014
        | PKPLUG                                        | China   | 2016-Mar 2021
        | RedDelta                                      | China   | 2020-Feb 2022
        | RedFoxtrot                                    | China   | 2014-Aug 2021
        | Siesta                                        | China   | 2014
        | Space Pirates                                 | China   | 2017
        | Stone Panda, APT 10, menuPass                 | China   | 2006-Feb 2022 X
X       | TA428                                         | China   | 2013-Jan 2022
        | Temper Panda, [email protected]               | China   | 2014
        | Tropic Trooper, Pirate Panda, APT 23, KeyBoy  | China   | 2011-Jul 2020

26 groups listed (26 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency


Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]