Remote Access Trojan
Poison Ivy
First seen: 2005-01 • Status: active
Currently Active Threat
Poison Ivy is a very old Chinese hacking tool. It has been around since 2005, but modified versions are still used today.
Overview
Poison Ivy is a classic RAT used by Chinese APT groups. While old, variants are still seen in targeted attacks.
Also Known As
PIVY
How It Spreads
- Spear-phishing
- Watering holes
What It Does
- Remote access
- Keylogging
- File transfer
- Screen capture
Target Platforms
Windows
Detection Tips
- Monitor for PIVY signatures
- Watch for legacy C2 patterns
MITRE ATT&CK Techniques
T1056, T1113, T1005
If You're Infected
1. Full malware scan
2. Reset credentials