PoisonIvy (trojan) explained
PoisonIvy is a remote access trojan that enables keylogging, screen capturing, video capturing, file transfers, system administration, password theft, and traffic relaying.[1] It was created around 2005 by a Chinese hacker[2] and has been used in several prominent hacks, including a breach of the RSA SecurID authentication tool and the Nitro attacks on chemical companies, both in 2011.[3][4][5][6][7][8] Another name for the malware is "Backdoor.Darkmoon".[9]
Notes and References
- "POISON IVY: Assessing Damage and Extracting Intelligence". FireEye. Retrieved March 11, 2021.
- Keizer, Gregg. "'Nitro' hackers use stock malware to steal chemical, defense secrets". 31 October 2011.
- "Poison Ivy NJCCIC Threat Profile". NJCCIC (nj.gov). April 12, 2017. Retrieved March 11, 2021. Archived from the original on June 3, 2021: https://web.archive.org/web/20210603075701/https://www.cyber.nj.gov/threat-center/threat-profiles/trojan-variants/poison-ivy/
- Higgins, Kelly Jackson. "Poison Ivy Trojan Just Won't Die". DARK Reading. 21 August 2013. Retrieved 12 March 2021.
- Kirk, Jeremy. "Poison Ivy Trojan used in RSA SecurID attack still popular". InfoWorld. 22 August 2013. Retrieved 12 March 2021.
- Mills, Elinor. "Attack on RSA used zero-day Flash exploit in Excel". CNET. 5 April 2011. Original link dead; archived on 17 July 2011: https://web.archive.org/web/20110717172902/http://news.cnet.com/8301-27080_3-20051071-245.html
- "'Nitro attacks' continue". Virus Bulletin. 13 December 2011.
- Phneah, Ellyne. "'Nitro' attack targets chemical firms". ZDNet. 1 November 2011.
- Fisher, Dennis. "Use of Java Zero-Day Flaws Tied to Nitro Attack Crew". Threatpost. 30 August 2012. Retrieved 7 April 2021. Archived from the original on 2 June 2021: https://web.archive.org/web/20210602213256/https://threatpost.com/use-java-zero-day-flaws-tied-nitro-attack-crew-083012/76965/