Havoc C2 Framework Used To Target Government Organizations
An attack campaign was discovered utilizing the open-source Havoc Command and Control (C2) framework to target government organizations.
The Havoc Demon created by the framework evades detection by disabling the Event Tracing for Windows (ETW) uses CreateThreadpoolWait() to decrypt and execute shellcode reflectively loads the Havocs Demon DLL and resolves virtual addresses using API hashing routines.
The infection chain consisted of malicious documents including a decoy file a downloader a batch script and a benign JPEG file.
Featured Resources
blog
CISA Alert – Is Your Organization Exposed?
Cybersecurity is no longer a luxury, it’s a necessity with new threats emerging every day. Every day the Cybersecurity and
blog
2025 Predictions: Finally Solving Fatigue in Security and Operations
Fatigue in security and operations is not just about tired employees, but rather it’s analysts and operations staff that are
blog
How cybersecurity leaders are optimizing their budgets in 2025
2024 was a year that saw some of the biggest and most damaging data breaches in recent history, according to
Subscribe to Our Blog
Subscribe now to get the latest insights, expert tips and updates on threat exposure validation.
Subscribe