Pivy

Malware Profile Updated 2 months ago
PIVY (Poison Ivy) is a malware family known for compromising computers and devices. It is delivered through dubious downloads, e-mails, or websites, often without the user's awareness. Once inside a system, it can steal personal information, disrupt operations, or hold data for ransom.

PIVY has been linked to several campaigns, including those of the menuPass group, which can be identified by specific passwords found in PIVY samples: three samples use "menuPass" and another uses "keaidestone", giving high confidence that recent attacks were carried out by the menuPass group. FireEye's 2013 paper detailed various campaigns using PIVY and included menuPass as one of them; additional details were added in a later blog post.

From September through November 2016, an Advanced Persistent Threat (APT) campaign known as "menuPass" targeted Japanese academics, pharmaceutical companies, and a US-based subsidiary of a Japanese manufacturing organization. Along with PlugX and Poison Ivy (PIVY), the group deployed a new Trojan called "ChChes". Unlike PlugX and PIVY, which are used by multiple campaigns, ChChes appears to be unique to this group; according to the Japan Computer Emergency Response Team Coordination Center (JPCERT), it seems to be used exclusively by menuPass. The group's activities have been well documented by cybersecurity firms and researchers, and these consistent patterns of behavior, together with the distinctive passwords found in the PIVY samples, provide strong evidence linking these attacks to the menuPass group.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Trojan
Associated Malware
ID | Type | Votes | Profile Description
ChChes | Unspecified | 1 | ChChes is a malware family that has been linked to the Advanced Persistent Threat (APT) group known as "menuPass." The malware was first identified in 2016 when it was used to target Japanese academics, pharmaceutical companies, and a US-based subsidiary of a Japanese manufacturing organization. ChC
PlugX | Unspecified | 1 | PlugX is a notorious malware, typically associated with Chinese threat actors, that has been used in various cyberattacks. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. It
Associated Threat Actors
ID | Type | Votes | Profile Description
menuPass | Unspecified | 1 | MenuPass, also known as APT10, Stone Panda, and ALPHV BlackCat, is a threat actor suspected to be linked to the Chinese government. This cyber espionage group has been active since at least 2009, according to Mandiant, and has targeted a wide range of sectors including construction, engineering, aer
Keaidestone | Unspecified | 1 | None
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Pivy malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations