KEYPLUG
Essential information
- Confidence
- 100/100
- Is family
- Yes
- Published
- 12/12/2022 16:47
- Modified
- 27/03/2026 01:05
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 39 attack patterns (mitre), 3 intrusion sets (apt), 7 sectors, 4 countries, 97 indicators, 2 vulnerabilities (cve)
Aliases
KEYPLUG.LINUX
Description
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (39)
Intrusion sets (APT) (3)
-
Winnti usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
The MITRE Corporation Confidence 100
[APT41](https://attack.mitre.org/groups/G0096) is a threat group that researchers have assessed as Chinese state-sponsored espionage group that also conducts financially-motivated operations. Active since at least 2012, [APT41](https://attack.mitre.org/groups/G0096) has been observed…
First seen 01/01/1970 · Last seen 16/11/5138 · -
RedGolf usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (7)
-
Transportation targets
-
Air transport targets
-
Education targets
-
Technology targets
-
Media targets
-
Government targets
-
Retail targets
Countries (4)
-
Japan targets
-
United States of America targets
-
Italy targets
-
Sri Lanka targets
Indicators (97)
-
jsj1.linuxupdate.infoindicatesstix 100/100 RevokedNetwork activity RedGolf Associated Domain
· Valid until 18/07/2024 · Source: AlienVault -
exchange.portomnail.comindicatesstix 100/100 RevokedNetwork activity Domains Associated with PlugX Infrastructure
· Valid until 18/07/2024 · Source: AlienVault -
stix 100/100 Revoked· Valid until 14/04/2026 · Source: AlienVault
-
a.linuxupdate.infoindicatesstix 100/100 RevokedNetwork activity RedGolf Associated Domain
· Valid until 18/07/2024 · Source: AlienVault -
mail.xxe.pwindicatesstix 100/100 RevokedNetwork activity RedGolf Associated Domain
· Valid until 18/07/2024 · Source: AlienVault -
box.xxe.pwindicatesstix 100/100 RevokedNetwork activity RedGolf Associated Domain
· Valid until 18/07/2024 · Source: AlienVault -
vpnmobupdate.ddns.netindicatesstix 100/100 RevokedNetwork activity RedGolf DDNS Domain
· Valid until 18/07/2024 · Source: AlienVault -
back.rooter.tkindicatesstix 100/100 RevokedNetwork activity RedGolf DDNS Domain
· Valid until 18/07/2024 · Source: AlienVault -
down-flash.comindicatesstix 100/100 RevokedNetwork activity RedGolf Associated Domain
· Valid until 30/01/2024 · Source: AlienVault -
n2.xxe.pwindicatesstix 100/100 RevokedNetwork activity RedGolf Associated Domain
· Valid until 18/07/2024 · Source: AlienVault -
linux.down-flash.comindicatesstix 100/100 RevokedNetwork activity RedGolf Associated Domain
· Valid until 19/07/2024 · Source: AlienVault -
q.xxe.pwindicatesstix 100/100 RevokedNetwork activity RedGolf Associated Domain
· Valid until 18/07/2024 · Source: AlienVault
Vulnerabilities (CVE) (2)
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized …
- Attack vector
- Network
- Published
- 05/02/2024
- Modified
- 14/01/2026
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized …
- Attack vector
- Network
- Published
- 05/02/2024
- Modified
- 14/01/2026