Poison Ivy: assessing damage and extracting intelligence
Revision as of 17:25, 12 August 2015 by Eric.freyssinet (talk | contribs) (Created page with "{{Publication |Botnet=Poison Ivy, |Year=2014 |Date=2014-08-30 |Editor=FireEye |Link=https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-i...")
(Publication) Google search: [1]
| Poison Ivy: assessing damage and extracting intelligence | |
|---|---|
| Botnet | Poison Ivy |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2014 / 2014-08-30 |
| Editor/Conference | FireEye |
| Link | https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf (Archive copy) |
| Author | |
| Type | Tech report |
Abstract
“ Poison Ivy is a remote access tool that is freely available for download from its official web site at www.poisonivy-rat.com. First released in 2005, the tool has gone unchanged since 2008 with version 2.3.2. Poison Ivy includes features common to most Windows-based RATs, including key logging, screen capturing, video capturing, file transfers, system administration, password theft, and traffic relaying.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2014BFR4646,
editor = {FireEye},
author = {},
title = {Poison Ivy: assessing damage and extracting intelligence},
date = {30},
month = Aug,
year = {2014},
howpublished = {\url{https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf}},
}