Poison Ivy

Malware updated 4 months ago (2024-05-04T20:37:29.316Z)
Poison Ivy is malicious software designed to compromise and damage computer systems. It can enter a system through suspicious downloads, emails, or websites, often without the user's knowledge; once inside, it can steal personal information, disrupt operations, or hold data hostage for ransom.

Poison Ivy has been linked to other malware families including FakeM MSN, BiFrost, Elirks, and PlugX: overlaps in PE resources and shared infrastructure suggest that the same developer may have been involved in producing these samples. Its use in attacks dates back to 2009, and traces of it have been found in the network infrastructure associated with HenBox. A unique variant of Poison Ivy, referred to as GALLIUM, has been observed; this version appears to be modified and specific to the threat group GALLIUM.

Poison Ivy has also been used in several Advanced Persistent Threat (APT) campaigns, including the 2016 "menuPass" campaign targeting Japanese academics and organizations, where it was deployed alongside PlugX, ShadowPad, and Gh0st RAT. APT1 intruders occasionally use publicly available backdoors such as Poison Ivy, although they predominantly rely on their own custom backdoors. IndigoZebra used Poison Ivy in covert operations targeting former Soviet republics, and the malware was part of a campaign likely intended to monitor Hong Kong media during periods of crisis, illustrating its widespread use in global cyber espionage.
Description last updated: 2024-05-04T20:29:30.107Z
Aliases: none currently tracked

Miscellaneous Associations (other elements of context that could aid in the identification of relevance): Malware, RAT
Associated Malware
ID: PlugX
Type: Unspecified
Votes: 2
Profile Description: PlugX is a notorious malware known for its harmful capabilities and stealthy operations. Often used by the Winnti group, it has been linked to various cyber-attacks, leveraging DLL side-loading to remain undetected. This technique allows it to infiltrate systems without raising alarms, making it an
Source Document References
Information about the Poison Ivy malware was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
CERT-EU | 9 months ago | The most-read Colorado news of 2023, from Casa Bonita to Bigfoot and Boebert
MITRE | 2 years ago | menuPass Returns with New Malware and New Attacks Against Japanese Academics and Organizations
CERT-EU | a year ago | Space Pirates: analyzing the tools and connections of a new hacker group
MITRE | 2 years ago | Advanced Persistent Threats (APTs) | Threat Actors & Groups
MITRE | 2 years ago | IndigoZebra APT Hacking Campaign Targets the Afghan Government
MITRE | 2 years ago | China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets | Mandiant
MITRE | 2 years ago | GALLIUM: Targeting global telecom
MITRE | 2 years ago | Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy
MITRE | 2 years ago | Mustang Panda | Threat Actor Profile | CrowdStrike
MITRE | 2 years ago | New Wekby Attacks Use DNS Requests As Command and Control Mechanism
MITRE | 2 years ago | IndigoZebra APT continues to attack Central Asia with evolving tools - Check Point Research
MITRE | 2 years ago | Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists