
Poison Ivy: Assessing Damage and Extracting Intelligence


Executive Summary

This report spotlights Poison Ivy (PIVY), a Remote Access Tool (RAT) that remains popular and effective a full eight years after its release, despite its age and its familiarity in IT security circles. Poison Ivy has been used in several high-profile malware campaigns, most notoriously the 2011 compromise of RSA SecurID data. The same year, Poison Ivy powered a coordinated attack, dubbed Nitro, against chemical makers, government agencies, defense firms and human-rights groups.

In conjunction with the study, FireEye is releasing Calamine, a set of free tools to help organizations detect and examine Poison Ivy infections on their systems.

Read about how Calamine can connect the individual facets of an attack. Such evidence is especially useful when it is correlated across multiple attacks that share the same identifying features. Combining these nuts-and-bolts details with big-picture intelligence can help profile threat actors and enhance IT defenses.

  • Format: PDF
  • Size: 3961.6 KB