Threat Group Cards: A Threat Actor Encyclopedia

Tool: VIVACIOUSGIFT

Names: VIVACIOUSGIFT
Category: Malware
Type: Backdoor, Tunneling
Description: (US CERT) This report looks at the malware samples known as VIVACIOUSGIFT that is used by advanced persistent threat (APT) cyber actors as a network proxy tool. The proxy requires an encrypted command line argument for its source and destination Internet Protocol (IP) addresses and has command and control (C2) functionality to retrieve and set the destination IP. The command line argument can also contain a source proxy IP, port, and password. The source proxy is used as an additional proxy when communicating with the source IP. The library libcurl version 7.94.1 is used when communicating with the source proxy.
Information: <https://us-cert.cisa.gov/ncas/analysis-reports/ar20-239b>

Last change to this tool card: 26 August 2020


All groups using tool VIVACIOUSGIFT

Changed | Name | Country | Observed

APT groups

 | ↳ Subgroup: BeagleBoyz | North Korea | 2014-Feb 2016

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
