Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 17:37:49 UTC

Tool: PLAINTEE

Names: PLAINTEE
Category: Malware
Type: Reconnaissance, Backdoor
Description: (Palo Alto) PLAINTEE is unusual in that it uses a custom UDP protocol for its network communications. PLAINTEE will create a unique GUID via a call to CoCreateGuid() to be used as an identifier for the victim. The malware then proceeds to collect general system enumeration data about the infected machine and enters a loop where it will decode an embedded config blob and send an initial beacon to the C2 server.
Information: MITRE ATT&CK, Malpedia, AlienVault OTX

Last change to this tool card: 23 April 2020

All groups using tool PLAINTEE

APT groups
Name: Rancor
Observed: 2017

1 group listed (1 APT, 0 other, 0 unknown)

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=4e8876cc-a6e4-4e3b-8637-e77d6363a1ad