Beware of phishing attacks by APT-C-01 (Poison Ivy)
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
APT-C-01, known as Poison Ivy, is a persistent threat group that has targeted the defense, government, technology, and education sectors since 2007. The group specializes in phishing attacks, including watering hole and spear-phishing, using personalized bait content. Recent observations show the group creating fake official websites for targeted phishing. When victims visit these sites, malicious payloads are downloaded automatically and in turn load the Sliver RAT for data theft and remote control. The attack chain uses a C# loader that decrypts and loads shellcode, ultimately deploying the Sliver RAT. The malware uses PDF icons to deceive victims and employs strong obfuscation techniques. The final payload, Sliver, is an open-source, cross-platform C2 framework with multiple communication protocols and extensive functionality.
OPENCTI LABELS:
apt, phishing, poison ivy, sliver rat