KEYPLUG

Description

(Mandiant) KEYPLUG is a modular backdoor written in C++ that supports multiple network protocols for command and control (C2) traffic including HTTP, TCP, KCP over UDP, and WSS.

Names

Name
KEYPLUG
ELFSHELF

Type

Backdoor

Information

https://www.mandiant.com/resources/blog/apt41-us-state-governments
https://yoroi.company/en/research/uncovering-an-undetected-keyplug-implant-attacking-industries-in-italy/
https://hunt.io/blog/keyplug-server-exposes-fortinet-exploits-webshells

Mitre Attack

https://attack.mitre.org/software/S1051

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/elf.keyplug

Other Information

Uuid

c549363e-03d1-4696-9d7e-5118831adf40

Last Card Change

2025-06-27

Threat Intelligence Garden

Explorer

KEYPLUG

KEYPLUG

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks