ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

Tool: Poison Ivy

Names:          Poison Ivy, pivy, poisonivy, Gen:Trojan.Heur.PT, Darkmoon, Chymine, SPIVY
Category:       Malware
Type:           Reconnaissance, Backdoor, Info stealer, Credential stealer, Exfiltration
Description:    Poison Ivy is a popular remote access tool (RAT) that has been used by many groups.
Information:    <https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf>
                <https://www.fortinet.com/blog/threat-research/deep-analysis-of-new-poison-ivy-variant.html>
                <https://blog.fortinet.com/2017/09/15/deep-analysis-of-new-poison-ivy-plugx-variant-part-ii>
                <http://contagiodump.blogspot.com/2010/01/jan-17-trojan-darkmoonb-exe-haiti.html>
                <https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/august/analysing-a-recent-poison-ivy-sample/>
                <https://researchcenter.paloaltonetworks.com/2016/04/unit42-new-poison-ivy-rat-variant-targets-hong-kong-pro-democracy-activists/>
                <https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html>
                <https://www.fireeye.com/blog/threat-research/2013/10/know-your-enemy-tracking-a-rapidly-evolving-apt-actor.html>
                <https://researchcenter.paloaltonetworks.com/2014/09/recent-watering-hole-attacks-attributed-apt-group-th3bug-using-poison-ivy/>
                <http://blogs.360.cn/post/APT_C_01_en.html>
                <https://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/>
MITRE ATT&CK:   <https://attack.mitre.org/software/S0012/>
Malpedia:       <https://malpedia.caad.fkie.fraunhofer.de/details/win.poison_ivy>
                <https://malpedia.caad.fkie.fraunhofer.de/details/win.darkmoon>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:Poison%20Ivy>

Last change to this tool card: 29 December 2022


All groups using tool Poison Ivy

APT groups

Changed | Name                                         | Country | Observed       | (unlabelled)
--------+----------------------------------------------+---------+----------------+-------------
        | Anchor Panda, APT 14                         | China   | 2012           |
        | APT 6                                        | China   | 2011           |
        | APT 17, Deputy Dog, Elderwood, Sneaky Panda  | China   | 2009-Sep 2017  |
   X    | APT 20, Violin Panda                         | China   | 2014-2017      |
   X    | Axiom, Group 72                              | China   | 2008-2008/2014 |
        | Bookworm                                     | China   | 2015           |
        | Comment Crew, APT 1                          | China   | 2006-May 2018  | X
   X    | DragonOK                                     | China   | 2015-Jan 2017  |
        | Dust Storm                                   | China   | 2010           |
        | Gallium                                      | China   | 2018-Jun 2022  |
        | IronHusky                                    | China   | 2017-Aug 2021  |
        | Moafee                                       | China   | 2014           |
        | Molerats, Extreme Jackal, Gaza Cybergang     | [Gaza]  | 2012-Jul 2023  |
   X    | Mustang Panda, Bronze President              | China   | 2012-Nov 2023  |
        | Nightshade Panda, APT 9, Group 27            | China   | 2013-Sep 2016  |
        | Nitro, Covert Grove                          | China   | 2011-Jul 2014  |
        | PittyTiger, Pitty Panda                      | China   | 2011-2014      |
        | RedDelta                                     | China   | 2020-Feb 2022  |
        | RedFoxtrot                                   | China   | 2014-Aug 2021  |
        | Siesta                                       | China   | 2014           |
        | Space Pirates                                | China   | 2017-Sep 2022  |
   X    | Stone Panda, APT 10, menuPass                | China   | 2006-Feb 2022  | X
        | TA428                                        | China   | 2013-Jan 2022  |
        | Temper Panda, admin@338                      | China   | 2014           |
        | Tropic Trooper, Pirate Panda, APT 23, KeyBoy | China   | 2011-Jul 2020  |

The last column carried no header on the source page; the "X" marks in it are reproduced as found.

25 groups listed (25 APT, 0 other, 0 unknown)
