53 matches found
Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS
The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX aka Korplug backdoor dubbed DOPLUGS. "The piece of customized PlugX malware is dissimilar to the general type of the PlugX malware that contains a completed backdoor command...
The Advanced Persistent Threat Files: APT1
We've heard a lot about Advanced Persistent Threats APTs over the past few years. As a refresher, APTs are prolonged, aimed attacks on specific targets with the intention to compromise their systems and gain information from or about that target. While the targets may be anyone or anything—a...
The Advanced Persistent Threat files: APT10
We've heard a lot about Advanced Persistent Threats APTs over the past few years. As a refresher, APTs are prolonged, aimed attacks on specific targets with the intention to compromise their systems and gain information from or about that target. While the targets may be anyone or anything—a...
APT Trends report Q3 2017
Introduction Beginning in the second quarter of 2017, Kaspersky's Global Research and Analysis Team GReAT began publishing summaries of the quarter's private threat intelligence reports in an effort to make the public aware of what research we have been conducting. This report serves as the next...
Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government
Introduction FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals that enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy, a popular remote access tool RAT that has been used for...
Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government
Introduction FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals that enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy, a popular remote access tool RAT that has been used for...
Malware exploit: Poisonivy
Type: Stack Buffer Overflow Author: Gal Badishi This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp def...
Poison Ivy C2 Server Buffer Overflow Vulnerability
Poison Ivy is a remote control tool. Poison Ivy 2.1.x suffers from a buffer overflow vulnerability that can be exploited by a remote attacker to execute arbitrary code in the context of the application...
Poison Ivy 2.1.x - C2 Buffer Overflow (Metasploit)
Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Poison Ivy 2.1.x C2 Buffer Overflow', 'Description' = %q This module...
Poison Ivy 2.1.x (C2 Server) - Remote Buffer Overflow (Metasploit)
Poison Ivy 2.1.x C2 Server - Remote Buffer Overflow Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Poison Ivy 2.1.x C2 Buffer Overflow', 'Description' = %q This...
Poison Ivy 2.1.x (C2 Server) - Remote Buffer Overflow (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Poison Ivy 2.1.x C2 Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in the Poison Ivy 2.1.x C...
Poison Ivy 2.1.x C2 Buffer Overflow
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Poison Ivy 2.1.x C2 Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in the Poison Ivy 2.1.x C...
Poison Ivy 2.1.x C2 Buffer Overflow
This module exploits a stack buffer overflow in the Poison Ivy 2.1.x C server. The exploit does not need to know the password chosen for the bot/server communication. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
FBI Quietly Admits to Multi-Year APT Attack, Sensitive Data Stolen
The FBI issued a rare bulletin admitting that a group named Advanced Persistent Threat 6 APT6 hacked into US government computer systems as far back as 2011 and for years stole sensitive data. The FBI alert was issued in February and went largely unnoticed. Nearly a month later, security experts...
China APT Gang Targets Hong Kong Media via Dropbox
An APT gang linked to China and alleged to be responsible for targeted attacks against foreign governments and ministries, has now pointed its focus inward at China’s autonomous territory Hong Kong. An August attack against several media companies in Hong Kong was carried out shortly after a...
Poison Ivy 2.3.2 C&C Server Buffer Overflow
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Malaysian flight MH370 tragedy abused by Chinese hackers for Espionage attacks
The Mysterious Malaysian Airlines flight MH370, a Boeing 777-200 aircraft that has gone missing by the time it flew from Kuala Lumpur to Beijing. The Malaysian Prime Minister had also confirmed that the Malaysia Airlines plane had crashed in a remote part of the southern Indian Ocean. Cyber...
Malaysia Airlines Flight 370 spear phishing emails spotted
Hold off on the notion that watering hole attacks may supplant phishing as the initial means of compromise in advanced attacks. A number of recent targeted campaigns have used the crash of Malaysia Airlines 370 as a lure to infect government officials in the U.S. and Asia-Pacific. FireEye today...
Poison Ivy Command and Control Scanner
Enumerate Poison Ivy Command and Control C on ports 3460, 80, 8080 and 443. Adaptation of iTrust Python script. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Poison Ivy Command and Control...
Oil, Energy Watering Hole Attacks Linked to DOL attack
A string of watering hole attacks targeting oil and energy companies dating back to May could be linked to similar attacks against the U.S. Department of Labor website. Researchers at Cisco discovered the compromised domains of 10 oil and energy companies worldwide, including hydroelectric plants...