PLEAD

Description

(Trend Micro) PLEAD’s backdoor can:

• Harvest saved credentials from browsers and email clients like Outlook • List drives, processes, open windows, and files • Open remote Shell • Upload target file • Execute applications via ShellExecute API • Delete target file

Names

Name
PLEAD
DRAWDOWN
GOODTIMES
Linopid
TSCookie

Type

Reconnaissance
Backdoor
Info stealer
Credential stealer
Exfiltration

Information

https://blog.trendmicro.com/trendlabs-security-intelligence/following-trail-blacktech-cyber-espionage-campaigns/
http://blog.jpcert.or.jp/2018/03/malware-tscooki-7aa0.html
https://blog.jpcert.or.jp/2018/06/plead-downloader-used-by-blacktech.html
https://blogs.jpcert.or.jp/en/2018/11/tscookie2.html
http://www.freebuf.com/column/159865.html
https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/
https://documents.trendmicro.com/assets/appendix-following-the-trail-of-blacktechs-cyber-espionage-campaigns.pdf

Mitre Attack

https://attack.mitre.org/software/S0435/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.plead
https://malpedia.caad.fkie.fraunhofer.de/details/elf.tscookie

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:PLEAD

Other Information

Uuid

9ed8c80d-8d26-487b-8b98-a31c2206e2ae

Last Card Change

2022-12-30

Threat Intelligence Garden

Explorer

PLEAD

PLEAD

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Alienvault Otx

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks