KEYPLUG

The MITRE Corporation · Published 12/12/2022 16:47 · Modified 27/03/2026 01:05 · Family

Essential information

Confidence: 100/100
Is family: Yes
Published: 12/12/2022 16:47
Modified: 27/03/2026 01:05
Revoked: No
Author / Source: The MITRE Corporation
Related entities: 39 attack patterns (mitre), 3 intrusion sets (apt), 7 sectors, 4 countries, 97 indicators, 2 vulnerabilities (cve)

Aliases

KEYPLUG.LINUX

Description

[KEYPLUG](https://attack.mitre.org/software/S1051) is a modular backdoor written in C++, with Windows and Linux variants, that has been used by [APT41](https://attack.mitre.org/groups/G0096) since at least June 2021. (Citation: Mandiant APT41)

Marking (TLP)

TLP:CLEAR

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references