KEYPLUG
Essential information
- Confidence
- 100/100
- Is family
- Yes
- Published
- 12/12/2022 16:47
- Modified
- 27/03/2026 01:05
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 39 attack patterns (mitre), 3 intrusion sets (apt), 7 sectors, 4 countries, 97 indicators, 2 vulnerabilities (cve)
Aliases
KEYPLUG.LINUX
Description
[KEYPLUG](https://attack.mitre.org/software/S1051) is a modular backdoor written in C++, with Windows and Linux variants, that has been used by [APT41](https://attack.mitre.org/groups/G0096) since at least June 2021.(Citation: Mandiant APT41)
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.