PoisonIvy (Trojan)

Short description: Malware

PoisonIvy is a remote access trojan that enables key logging, screen capturing, video capturing, file transfers, system administration, password theft, and traffic relaying.^[1] It was created around 2005 by a Chinese hacker^[2] and has been used in several prominent hacks, including a breach of the RSA SecurID authentication tool and the Nitro attacks on chemical companies, both in 2011.^[3]^[4]^[5]^[6]^[7]^[8] Another name for the malware is "Backdoor.Darkmoon".^[9]

References

↑ "POISON IVY: Assessing Damage and Extracting Intelligence". FireEye. https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf. Retrieved March 11, 2021.
↑ Keizer, Gregg (31 October 2011). "'Nitro' hackers use stock malware to steal chemical, defense secrets". https://www.computerworld.com/article/2499789/-nitro--hackers-use-stock-malware-to-steal-chemical--defense-secrets.html.
↑ "Poison Ivy NJCCIC Threat Profile". NJCCIC. April 12, 2017. https://www.cyber.nj.gov/threat-center/threat-profiles/trojan-variants/poison-ivy.
↑ Higgins, Kelly Jackson (21 August 2013). "Poison Ivy Trojan Just Won't Die". DARK Reading. https://www.darkreading.com/attacks-breaches/poison-ivy-trojan-just-wont-die/d/d-id/1140340.
↑ Kirk, Jeremy (22 August 2013). "Poison Ivy Trojan used in RSA SecurID attack still popular". InfoWorld. https://www.infoworld.com/article/2611606/poison-ivy-trojan-used-in-rsa-securid-attack-still-popular.html.
↑ Mills, Elinor (5 April 2011). "Attack on RSA used zero-day Flash exploit in Excel". CNET. http://news.cnet.com/8301-27080_3-20051071-245.html.
↑ "'Nitro attacks' continue". Virus Bulletin. 13 December 2011. https://www.virusbulletin.com/blog/2011/12/nitro-attacks-continue/.
↑ Phneah, Ellyne (1 November 2011). "'Nitro' attack targets chemical firms". https://www.zdnet.com/article/nitro-attack-targets-chemical-firms/.
↑ Fisher, Dennis (30 August 2012). "Use of Java Zero-Day Flaws Tied to Nitro Attack Crew". https://threatpost.com/use-java-zero-day-flaws-tied-nitro-attack-crew-083012/76965/.

0.00

(0 votes)

[1] "POISON IVY: Assessing Damage and Extracting Intelligence". FireEye. https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-poison-ivy.pdf. Retrieved March 11, 2021.

[2] Keizer, Gregg (31 October 2011). "'Nitro' hackers use stock malware to steal chemical, defense secrets". https://www.computerworld.com/article/2499789/-nitro--hackers-use-stock-malware-to-steal-chemical--defense-secrets.html.

[3] "Poison Ivy NJCCIC Threat Profile". NJCCIC. April 12, 2017. https://www.cyber.nj.gov/threat-center/threat-profiles/trojan-variants/poison-ivy.

[4] Higgins, Kelly Jackson (21 August 2013). "Poison Ivy Trojan Just Won't Die". DARK Reading. https://www.darkreading.com/attacks-breaches/poison-ivy-trojan-just-wont-die/d/d-id/1140340.

[5] Kirk, Jeremy (22 August 2013). "Poison Ivy Trojan used in RSA SecurID attack still popular". InfoWorld. https://www.infoworld.com/article/2611606/poison-ivy-trojan-used-in-rsa-securid-attack-still-popular.html.

[6] Mills, Elinor (5 April 2011). "Attack on RSA used zero-day Flash exploit in Excel". CNET. http://news.cnet.com/8301-27080_3-20051071-245.html.

[7] "'Nitro attacks' continue". Virus Bulletin. 13 December 2011. https://www.virusbulletin.com/blog/2011/12/nitro-attacks-continue/.

[8] Phneah, Ellyne (1 November 2011). "'Nitro' attack targets chemical firms". https://www.zdnet.com/article/nitro-attack-targets-chemical-firms/.

[9] Fisher, Dennis (30 August 2012). "Use of Java Zero-Day Flaws Tied to Nitro Attack Crew". https://threatpost.com/use-java-zero-day-flaws-tied-nitro-attack-crew-083012/76965/.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]