Difference between revisions of "PoisonIvy adapts to communicate through authentication proxies"
(Created page with "{{Publication |Year=2015 |Date=2015-07-23 |Editor=JPCERT-CC |Link=http://blog.jpcert.or.jp/2015/07/poisonivy-adapts-to-communicate-through-authentication-proxies.html |Author=...") |
|||
Line 1: | Line 1: | ||
{{Publication | {{Publication | ||
|Botnet=PoisonIvy, | |||
|Year=2015 | |Year=2015 | ||
|Date=2015-07-23 | |Date=2015-07-23 |
Revision as of 11:59, 4 August 2015
PoisonIvy adapts to communicate through authentication proxies | |
---|---|
Botnet | PoisonIvy |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2015 / 2015-07-23 |
Editor/Conference | JPCERT-CC |
Link | http://blog.jpcert.or.jp/2015/07/poisonivy-adapts-to-communicate-through-authentication-proxies.html (Archive copy) |
Author | Shusei Tomonaga |
Type | Blogpost |
Abstract
“PoisonIvy, a Remote Access Tool/Trojan (RAT) often used in targeted attacks, had been widely seen until around 2013. Since then, the number of cases using PoisonIvy in such attacks decreased, and there was no special variant with expanded features seen in the wild. However, recently, we have observed cases where PoisonIvy with expanded features in its communication function were used for attacks.”
Bibtex
@misc{2015BFR2237,
  editor = {JPCERT-CC},
  author = {Shusei Tomonaga},
  title = {PoisonIvy adapts to communicate through authentication proxies},
  date = {23},
  month = Jul,
  year = {2015},
  howpublished = {\url{http://blog.jpcert.or.jp/2015/07/poisonivy-adapts-to-communicate-through-authentication-proxies.html}},
}