PLEAD
MITRE
Malware Type:
Other
Other
First seen:
Unknown
Unknown
Last seen:
Unknown
Unknown
Details:
[PLEAD](https://attack.mitre.org/software/S0435) is a remote access tool (RAT) and downloader used by [BlackTech](https://attack.mitre.org/groups/G0098) in targeted attacks in East Asia including Taiwan, Japan, and Hong Kong.(Citation: TrendMicro BlackTech June 2017)(Citation: JPCert PLEAD Downloader June 2018) [PLEAD](https://attack.mitre.org/software/S0435) has also been referred to as [TSCookie](https://attack.mitre.org/software/S0436), though more recent reporting indicates likely separation between the two. [PLEAD](https://attack.mitre.org/software/S0435) was observed in use as early as March 2017.(Citation: JPCert TSCookie March 2018)(Citation: JPCert PLEAD Downloader June 2018)
Associated Techniques (15)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1001.001 | Junk Data | - |
| T1010 | Application Window Discovery | - |
| T1057 | Process Discovery | - |
| T1059.003 | Windows Command Shell | - |
| T1070.004 | File Deletion | - |
| T1071.001 | Web Protocols | - |
| T1083 | File and Directory Discovery | - |
| T1090 | Proxy | - |
| T1105 | Ingress Tool Transfer | - |
| T1106 | Native API | - |
| T1204.001 | Malicious Link | - |
| T1204.002 | Malicious File | - |
| T1555 | Credentials from Password Stores | - |
| T1555.003 | Credentials from Web Browsers | - |
| T1573.001 | Symmetric Cryptography | - |
Used by Actors (1)
Metadata
| ID: | 508 |
| Created: | 13/01/2026 17:48 |
| Updated: | 21/04/2026 16:00 |