Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 22:04:43 UTC

Tool: RedLeaves

Names: RedLeaves, BUGJUICE
Category: Malware
Type: Reconnaissance, Backdoor
Description: (US-CERT) The REDLEAVES implant consists of three parts: an executable, a loader, and the implant shellcode. The REDLEAVES implant is a remote administration Trojan (RAT) that is built in Visual C++ and makes heavy use of thread generation during its execution. The implant contains a number of functions typical of RATs, including system enumeration and creating a remote shell back to the C2.
Information: MITRE ATT&CK, Malpedia, AlienVault OTX
Last change to this tool card: 14 May 2020

All groups using tool RedLeaves

APT groups
Changed | Name | Country | Observed
 | Stone Panda, APT 10, menuPass | | 2006-Mar 2025

1 group listed (1 APT, 0 other, 0 unknown)

Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=30de5fb0-f7b6-4795-9732-e90515d91451