PoisonIvy adapts to communicate through authentication proxies
Revision as of 12:01, 4 August 2015 by Eric.freyssinet
PoisonIvy adapts to communicate through authentication proxies | |
---|---|
Botnet | Poison Ivy |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2015 / 2015-07-23 |
Editor/Conference | JPCERT-CC |
Link | http://blog.jpcert.or.jp/2015/07/poisonivy-adapts-to-communicate-through-authentication-proxies.html (Archive copy) |
Author | Shusei Tomonaga |
Type | Blogpost |
Abstract
“PoisonIvy, a Remote Access Tool/Trojan (RAT) often used in targeted attacks, had been widely seen until around 2013. Since then, the number of cases using PoisonIvy in such attacks decreased, and there was no special variant with expanded features seen in the wild. However, recently, we have observed cases where PoisonIvy with expanded features in its communication function were used for attacks.”
Bibtex
@misc{2015BFR2237,
  editor = {JPCERT-CC},
  author = {Shusei Tomonaga},
  title = {PoisonIvy adapts to communicate through authentication proxies},
  date = {23},
  month = Jul,
  year = {2015},
  howpublished = {\url{http://blog.jpcert.or.jp/2015/07/poisonivy-adapts-to-communicate-through-authentication-proxies.html}},
}