Difference between revisions of "Poison Ivy"
Jump to navigation
Jump to search
m (Text replacement - "=Unknown" to "=") |
|||
Line 1: | Line 1: | ||
{{Botnet | {{Botnet | ||
|Target=Microsoft Windows | |Target=Microsoft Windows | ||
|UserAgent= | |UserAgent= | ||
|CCProtocol=TCP/3360 | |CCProtocol=TCP/3360 | ||
|Status= | |Status= | ||
|BeginYear= | |BeginYear= | ||
|EndYear= | |EndYear= | ||
|Group=RAT, Spying, | |Group=RAT, Spying, | ||
|Commercialisation=* Le RAT est disponible ici : http://www.poisonivy-rat.com/ | |Commercialisation=* Le RAT est disponible ici : http://www.poisonivy-rat.com/ |
Latest revision as of 15:44, 8 August 2015
(Botnet) Link to the old Wiki page : [1] / Google search: [2]
Poison Ivy | |
---|---|
Alias | |
Group | RAT, Spying |
Parent | |
Sibling | |
Family | |
Relations | Variants: Sibling of: |
Target | Microsoft Windows |
Origin | |
Distribution vector | |
UserAgent | |
CCProtocol | TCP/3360 (Port) |
Activity | / |
Status | |
Language | |
Programming language | |
Operation/Working group |
Introduction
Features
Associated images
Checksums / AV databases
Publications
- Serveur Buffer Overflow (exploit Metasploit) pour la version 2.3.2 : http://www.metasploit.com/modules/exploit/windows/misc/poisonivy_bof
- Script nmap pour détecter la présence de PoisonIvy : http://alienvault-labs-garage.googlecode.com/files/poison_ivy.nse