KEYPLUG
Essential information
- Confidence: 100/100
- Is family: Yes
- Published: 12/12/2022 16:47
- Modified: 27/03/2026 01:05
- Revoked: No
- Author / Source: The MITRE Corporation
- Related entities: 39 attack patterns (MITRE), 3 intrusion sets (APT), 7 sectors, 4 countries, 97 indicators, 2 vulnerabilities (CVE)
Aliases
KEYPLUG.LINUX
Description
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (39)
- T1583.003 (uses) Virtual Private Server · MITRE
- T1016 (uses) System Network Configuration Discovery · MITRE
- T1055 (uses) Process Injection · MITRE
- T1095 (uses) Non-Application Layer Protocol · MITRE
- T1018 (uses) Remote System Discovery · MITRE
- T1082 (uses) System Information Discovery · MITRE
- T1036 (uses) Masquerading · MITRE
- T1573 (uses) Encrypted Channel · MITRE
- T1140 (uses) Deobfuscate/Decode Files or Information · MITRE
- T1124 (uses) System Time Discovery · MITRE
- T1046 (uses) Network Service Discovery · MITRE
- T1573.002 (uses) Asymmetric Cryptography · MITRE
Intrusion sets (APT) (3)
- Winnti (uses) · Source: AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- APT41 · Source: The MITRE Corporation · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
  [APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as a Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, [APT41](https://attack.mitre.org/groups/G0096) has been observed…
- RedGolf (uses) · Source: AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
Sectors (7)
- Transportation (targets)
- Air transport (targets)
- Education (targets)
- Technology (targets)
- Media (targets)
- Government (targets)
- Retail (targets)
Countries (4)
- Japan (targets)
- United States of America (targets)
- Italy (targets)
- Sri Lanka (targets)
Indicators (97)
- jsj1.linuxupdate.info (indicates, STIX) · 100/100 · Revoked · Network activity · RedGolf Associated Domain · Valid until 18/07/2024 · Source: AlienVault
- exchange.portomnail.com (indicates, STIX) · 100/100 · Revoked · Network activity · Domains Associated with PlugX Infrastructure · Valid until 18/07/2024 · Source: AlienVault
- (indicator value not shown) (STIX) · 100/100 · Revoked · Valid until 14/04/2026 · Source: AlienVault
- a.linuxupdate.info (indicates, STIX) · 100/100 · Revoked · Network activity · RedGolf Associated Domain · Valid until 18/07/2024 · Source: AlienVault
- mail.xxe.pw (indicates, STIX) · 100/100 · Revoked · Network activity · RedGolf Associated Domain · Valid until 18/07/2024 · Source: AlienVault
- box.xxe.pw (indicates, STIX) · 100/100 · Revoked · Network activity · RedGolf Associated Domain · Valid until 18/07/2024 · Source: AlienVault
- vpnmobupdate.ddns.net (indicates, STIX) · 100/100 · Revoked · Network activity · RedGolf DDNS Domain · Valid until 18/07/2024 · Source: AlienVault
- back.rooter.tk (indicates, STIX) · 100/100 · Revoked · Network activity · RedGolf DDNS Domain · Valid until 18/07/2024 · Source: AlienVault
- down-flash.com (indicates, STIX) · 100/100 · Revoked · Network activity · RedGolf Associated Domain · Valid until 30/01/2024 · Source: AlienVault
- n2.xxe.pw (indicates, STIX) · 100/100 · Revoked · Network activity · RedGolf Associated Domain · Valid until 18/07/2024 · Source: AlienVault
- linux.down-flash.com (indicates, STIX) · 100/100 · Revoked · Network activity · RedGolf Associated Domain · Valid until 19/07/2024 · Source: AlienVault
- q.xxe.pw (indicates, STIX) · 100/100 · Revoked · Network activity · RedGolf Associated Domain · Valid until 18/07/2024 · Source: AlienVault
Vulnerabilities (CVE) (2)
- An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized …
  - Attack vector: Network
  - Published: 05/02/2024
  - Modified: 14/01/2026
- An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet allows an attacker to execute unauthorized …
  - Attack vector: Network
  - Published: 05/02/2024
  - Modified: 14/01/2026