Pivy

Malware updated 6 months ago (2024-05-05T13:17:33.350Z)
PIVY (Poison Ivy) is a malware family known for its harmful exploits on computers and devices. It infiltrates systems through dubious downloads, emails, or websites, often without the user's awareness. Once inside, it can steal personal information, disrupt operations, or even hold data for ransom.

PIVY has been linked to several campaigns, including those of the menuPass group, which is identified by specific passwords found in PIVY samples: three samples use the password "menuPass" and another uses "keaidestone", leading to high confidence that the recent attacks were perpetrated by the menuPass group. FireEye's 2013 paper detailed various campaigns utilizing PIVY and included menuPass as one of them; additional details were added in a later blog post.

From September through November 2016, an Advanced Persistent Threat (APT) campaign attributed to menuPass targeted Japanese academics, pharmaceutical companies, and a US-based subsidiary of a Japanese manufacturing organization. Along with PlugX and Poison Ivy (PIVY), the group also deployed a new Trojan called "ChChes." Unlike PlugX and PIVY, which are used by multiple campaigns, ChChes appears to be unique to this group; according to the Japan Computer Emergency Response Team Coordination Center (JPCERT), it seems to be used exclusively by menuPass. The menuPass group's activities have been well documented by cybersecurity firms and researchers, and these consistent patterns of behavior, coupled with the distinctive passwords found in PIVY samples, provide strong evidence linking these attacks to the menuPass group.
Description last updated: 2024-05-05T12:46:04.299Z
Aliases: We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Source Document References
Information about the Pivy malware was read from the document corpus below. This display is limited to 20 results.