Havoc: SharePoint with Microsoft Graph API turns into FUD C2


Havoc is a powerful command-and-control (C2) framework. Like other well-known C2 frameworks, such as Cobalt Strike, Silver, and Winos4.0, Havoc has been used in threat campaigns to gain full control over the target. Additionally, It is open-source and available on GitHub, making it easier for threat actors to modify it to evade detection.

FortiGuard Labs recently discovered a phishing campaign that combines ClickFix and multi-stage malware to deploy a modified Havoc Demon Agent. The threat actor hides each malware stage behind a SharePoint site and uses a modified version of Havoc Demon in conjunction with the Microsoft Graph API to obscure C2 communications within trusted, well-known services.

Read more…
Source: Fortinet


Sign up for our Newsletter


Related:

  • NSA Advocates Data Sharing Framework

    June 23, 2017

    The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. “We need to conduct defenses in a way that ...