Poison Ivy

Malware entry, last updated 2024-05-04T20:37:29.316Z
Poison Ivy is a remote access trojan (RAT): a backdoor that gives an operator interactive control of a compromised Windows host. It is typically delivered through malicious downloads, email attachments, or compromised websites, often without the user noticing, and once installed it can collect credentials and files, capture user activity, and stage further tooling. Because its builder has long been publicly available, it has been adopted by many otherwise unrelated threat groups, so the presence of Poison Ivy on its own is a weak attribution signal; the infrastructure and build-artifact overlaps described below carry more weight.

Analysts have linked Poison Ivy to other malware families, including FakeM MSN, BiFrost, Elirks, and PlugX, through overlaps in PE resources and shared command-and-control infrastructure, suggesting that the same developer may have been involved in producing these samples. Poison Ivy has been used in attacks dating back to at least 2009, and traces of it have been found in network infrastructure associated with HenBox. A modified variant that appears unique to the GALLIUM threat group has also been observed.

Poison Ivy has featured in several Advanced Persistent Threat (APT) campaigns. The "menuPass" campaign of 2016 targeted Japanese academics and organizations and used Poison Ivy alongside PlugX, ShadowPad, and Gh0st RAT. APT1 occasionally uses publicly available backdoors such as Poison Ivy, but predominantly relies on its own custom backdoors. IndigoZebra used it in covert operations targeting former Soviet republics, and it was also part of a campaign likely intended to monitor Hong Kong media during periods of crisis, illustrating how widely the tool has been reused in global cyber-espionage activity.
Description last updated: 2024-05-04T20:29:30.107Z
Aliases: none currently tracked.
Miscellaneous Associations (other context that could aid in identifying relevance):
Malware
RAT
Associated Malware

Alias: PlugX
Description: PlugX is associated with Poison Ivy. PlugX is a Remote Access Trojan (RAT) known for its stealthy operation and destructive capabilities. Threat actors use it to compromise computer systems, steal personal information, disrupt operations, or hold data hostage for ransom. Its deployment has been linked to s
Association Type: Unspecified
Votes: 2