Poison Ivy

Hey everybody,

The infamous Remote Access Trojan (RAT) Poison Ivy has emerged again recently with some new features. It has been observed that PIVY targeted a number of Asian countries for various purposes over the past year.

New Poison Ivy Activity Targeting Myanmar, Asian Countries.

In a recent blog post by Palo Alto Networks' Unit 42, they discussed a new Poison Ivy variant targeting Hong Kong activists, dubbed SPIVY, that uses DLL sideloading. This operates quite differently from a variant recently observed by ASERT that has been active for at least the past 12 months.

The PIVY variant that ASERT has observed has exhibited some newer behavior that we have not seen or discussed previously. The samples drop a decoy document, usually hinting clearly at the target.

PIVY continues to evolve and be used in a myriad of targeted exploitation campaigns, not unlike many other targeted malware families such as PlugX or the Dukes. This will certainly not be the last evolution of PIVY.

Check out the full post with technical details at: https://www.arbornetworks.com/blog/asert/recent-poison-iv/


Source: Akati
