S0435Windows

S0435PLEAD

Platforms
1
ATT&CK
14.1
References
5

Description

[PLEAD](https://attack.mitre.org/software/S0435) is a remote access tool (RAT) and downloader used by [BlackTech](https://attack.mitre.org/groups/G0098) in targeted attacks in East Asia including Taiwan, Japan, and Hong Kong.(Citation: TrendMicro BlackTech June 2017)(Citation: JPCert PLEAD Downloader June 2018) [PLEAD](https://attack.mitre.org/software/S0435) has also been referred to as [TSCookie](https://attack.mitre.org/software/S0436), though more recent reporting indicates likely separation between the two. [PLEAD](https://attack.mitre.org/software/S0435) was observed in use as early as March 2017.(Citation: JPCert TSCookie March 2018)(Citation: JPCert PLEAD Downloader June 2018)

Platforms· 1

Windows

Attributed to1

TypeTargetConfidenceTier
GroupBlackTechg009895%live

References

  1. https://attack.mitre.org/software/S0435
  2. https://blog.trendmicro.com/trendlabs-security-intelligence/plead-targeted-attacks-against-taiwanese-government-agencies-2/
  3. https://blog.trendmicro.com/trendlabs-security-intelligence/following-trail-blacktech-cyber-espionage-campaigns/
  4. https://blogs.jpcert.or.jp/en/2018/03/malware-tscooki-7aa0.html
  5. https://blogs.jpcert.or.jp/en/2018/03/malware-tscooki-7aa0.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
TSCookie
Software
PLEAD Downloader
Actor
BlackTech
Software
4H RAT
Software
PLAINTEE
Software
ROKRAT
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.