Poison Ivy - Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 15:43:21 UTC
Home > List all groups > List all tools > List all groups using tool Poison Ivy
 Tool: Poison Ivy
Names
Poison Ivy
pivy
poisonivy
Gen:Trojan.Heur.PT
Darkmoon
Chymine
SPIVY
Category Malware
Type Reconnaissance, Backdoor, Info stealer, Credential stealer, Exfiltration
Description Poison Ivy is a popular remote access tool (RAT) that has been used by many groups.
Information
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f0250d37-fcad-40db-bfa4-adb597d651db
Page 1 of 3

MITRE ATT&CK Malpedia
AlienVault OTX Last change to this tool card: 29 December 2022
Download this tool card in JSON format
All groups using tool Poison Ivy
Changed Name Country Observed
APT groups
 Anchor Panda, APT 14 2012
 APT 6 2011
 APT 17, Deputy Dog, Elderwood, Sneaky Panda 2009-Jun 2024
 APT 20, Violin Panda 2014-2017
 Axiom, Group 72 2008-2008/2014
 Bookworm 2015
 Comment Crew, APT 1 2006-May 2018
 DragonOK 2015-Jan 2017
 Dust Storm 2010
 Gallium 2018-Jun 2022
 IronHusky 2017-Aug 2021
 Moafee 2014
 Molerats, Extreme Jackal, Gaza Cybergang [Gaza] 2012-Jul 2023
 Mustang Panda, Bronze President 2012-Jun 2025
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f0250d37-fcad-40db-bfa4-adb597d651db
Page 2 of 3

Nightshade Panda, APT 9, Group 27 2013-Sep 2016  
  Nitro, Covert Grove 2011-Jul 2014  
  PittyTiger, Pitty Panda 2011-2014  
  RedDelta 2020-Jul 2023  
  RedFoxtrot 2014-Aug 2021  
  Siesta 2014  
  Space Pirates 2017-Nov 2024  
  Stone Panda, APT 10, menuPass 2006-Mar 2025
  TA428 2013-Jan 2022  
  Temper Panda, admin@338 2014  
  Tropic Trooper, Pirate Panda, APT 23, KeyBoy 2011-Jun 2023  
25 groups listed (25 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f0250d37-fcad-40db-bfa4-adb597d651db
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f0250d37-fcad-40db-bfa4-adb597d651db
Page 3 of 3