Names | VIVACIOUSGIFT | |
Category | Malware | |
Type | Backdoor, Tunneling | |
Description | (US CERT) This report looks at the malware samples known as VIVACIOUSGIFT, which are used by advanced persistent threat (APT) cyber actors as a network proxy tool. The proxy requires an encrypted command line argument for its source and destination Internet Protocol (IP) addresses and has command and control (C2) functionality to retrieve and set the destination IP. The command line argument can also contain a source proxy IP, port, and password. The source proxy is used as an additional proxy when communicating with the source IP. The library libcurl version 7.94.1 is used when communicating with the source proxy. | |
Information | <https://us-cert.cisa.gov/ncas/analysis-reports/ar20-239b> |
Last change to this tool card: 27 August 2020
Changed | Name | Country | Observed |
APT groups |
 | ↳ Subgroup: BeagleBoyz | | 2014-Feb 2016 |
1 group listed (1 APT, 0 other, 0 unknown)
Thailand Computer Emergency Response Team (ThaiCERT)