In recent months, adversaries have increasingly opted for the Havoc post‑exploitation framework. The tool is less popular compared to Cobalt Strike, Metasploit, and Sliver.
According to BI.ZONE Threat Intelligence, this C2 framework is employed in an attempt to evade cybersecurity systems that may not flag an unknown program as malicious. For instance, such was the approach of the Mysterious Werewolf cluster that leveraged the Mythic framework in one of its campaigns. In this research, we explore two campaigns based on the Havoc framework.
Read more…
Source: BI.ZONE
Related:
- GreyEnergy’s overlap with Zebrocy
January 24, 2019
In October 2018, ESET published a report describing a set of activity they called GreyEnergy, which is believed to be a successor to BlackEnergy group. BlackEnergy (a.k.a. Sandworm) is best known, among other things, for having been involved in attacks against Ukrainian energy facilities in 2015, which led to power outages. Like its predecessor, GreyEnergy malware has ...
- Malvertising campaign targets Apple users with malicious code hidden in images
January 24, 2019
Apple users continue to be some of the favorite targets of malvertising campaigns, according to a report published this week by cyber-security firm Confiant. The report describes a new malvertising group called VeryMal that’s been going after Apple users, with the latest campaigns employing steganography techniques to hide malicious code inside ad images to avoid detection. The Confiant report comes ...
- Bit-and-Piece DDoS Method Emerges to Torment ISPs
January 24, 2019
Perpetrators are using smaller, bit-and-piece methods to inject junk into legitimate traffic, causing attacks to bypass detection rather than sounding alarms with large, obvious attack spikes. A pioneering distributed denial-of-service (DDoS) attack pattern has emerged, targeting internet service providers (ISPs) with something researchers have dubbed the bit-and-piece “Mongol” attack. The approach involves spreading out junk traffic across ...
- Trojans lead siege on businesses for second year running
January 23, 2019
Security software firm Malwarebytes has released its annual ‘State of Malware 2019‘ report which analyses the prevalence of different forms of malware and shows how each type is being used to attack businesses and consumers. Following its quarterly report released in October, Malwarebytes report that for the second year in a row, Trojans are leading the siege on ...
- U.S. Gov Issues Urgent Warning of DNS Hijacking Attacks
January 23, 2019
An emergency directive from the Department of Homeland Security provides “required actions” for U.S. government agencies to prevent widespread DNS hijacking attacks. The Department of Homeland Security is ordering all federal agencies to urgently audit Domain Name System (DNS) security for their domains in the next 10 business days. The department’s rare “emergency directive,” issued Tuesday, warned ...
- Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems
January 22, 2019
Just in time… Some cybersecurity experts this week arguing over Twitter in favor of not using HTTPS and suggesting software developers to only rely on signature-based package verification, just because APT on Linux also does the same. Ironically, a security researcher just today revealed details of a new critical remote code execution flaw in the apt-get utility that can be exploited by ...