
Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks

by crpt os


Feb 22, 2023 | Ravie Lakshmanan | Exploitation Framework / Cyber Threat

An open source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel.

Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023 targeting an unnamed government organization that utilized Havoc.

“While C2 frameworks are prolific, the open-source Havoc framework is an advanced post-exploitation command-and-control framework capable of bypassing the most current and updated version of Windows 11 defender due to the implementation of advanced evasion techniques such as indirect syscalls and sleep obfuscation,” researchers Niraj Shivtarkar and Niraj Shivtarkar said.

The attack sequence documented by Zscaler begins with a ZIP archive that embeds a decoy document and a screen-saver file that’s designed to download and launch the Havoc Demon agent on the infected host.

Demon is the implant generated via the Havoc Framework and is analogous to the Beacon delivered via Cobalt Strike to achieve persistent access and distribute malicious payloads.
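As an added example (not code from the article or from Zscaler), the following Python check inspects a ZIP archive for the lure layout described above: a decoy document bundled with a screen-saver executable. The archive contents, file names and extension lists are constructed assumptions for illustration.

```python
import io
import zipfile

# Assumed extension lists: document types that typically serve as the decoy,
# and executable types that Windows runs directly on double-click (.scr is a PE).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt"}
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif"}


def _ext(name: str) -> str:
    """Lower-case extension of the last path component, or '' if none."""
    base = name.rsplit("/", 1)[-1].lower()
    return base[base.rfind("."):] if "." in base else ""


def is_pe(data: bytes) -> bool:
    """True if the bytes start with the DOS 'MZ' magic that every Windows PE file carries."""
    return data[:2] == b"MZ"


def find_suspicious_lure(zip_bytes: bytes) -> dict:
    """Report decoy documents bundled with PE executables inside a ZIP archive.

    'suspicious' is set when a document and an executable travel together, or
    when an entry with a document-like name actually carries a PE header.
    """
    decoys, executables, masquerading = [], [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = _ext(info.filename)
            head = zf.open(info).read(2)  # only the magic bytes are needed
            if ext in EXECUTABLE_EXTS and is_pe(head):
                executables.append(info.filename)
            elif ext in DECOY_EXTS:
                (masquerading if is_pe(head) else decoys).append(info.filename)
    suspicious = bool(masquerading) or (bool(decoys) and bool(executables))
    return {"decoys": decoys, "executables": executables,
            "masquerading": masquerading, "suspicious": suspicious}


def build_sample_lure() -> bytes:
    """Construct an in-memory ZIP mimicking the lure: a decoy document plus an .scr stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.pdf", b"%PDF-1.4 constructed decoy, not a real document")
        zf.writestr("Invoice.scr", b"MZ" + b"\x00" * 62)  # PE magic only; inert stub
    return buf.getvalue()
```

Running `find_suspicious_lure(build_sample_lure())` flags the sample because a document and a PE screen-saver sit side by side; a mail gateway or sandbox pre-filter can apply the same check before detonation.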

Havoc Framework for Post-Exploitation

It also comes with a wide variety of features that make it difficult to detect, turning it into a lucrative tool in the hands of threat actors even as cybersecurity vendors are pushing back against the abuse of such legitimate red team software.

“After the demon is deployed successfully on the target’s machine, the server is able to execute various commands on the target system,” the researchers said, stating that the server logs the command and its response upon execution. The results are subsequently encrypted and transmitted back to the C2 server.

Havoc has also been employed in connection with a fraudulent npm module dubbed aabquerys that, once installed, triggers a three-stage process to retrieve the Demon implant. The package has since been taken down.
