Introducing Cymulate Vero AI for Agentic Cyber Defense Engineering
Learn More
New: 2026 Gartner® Market Guide for Adversarial Exposure Validation
Learn More
New Research: Exploiting Configuration Trust in AI Coding Tools
Learn More
New Case Study: How a Financial Authority Validates Cyber Resilience
Learn More
Book a Demo
Book a Demo

Havoc C2 Framework Used To Target Government Organizations

February 28, 2023

An attack campaign was discovered utilizing the open-source Havoc Command and Control (C2) framework to target government organizations. The Havoc Demon created by the framework evades detection by disabling the Event Tracing for Windows (ETW) uses CreateThreadpoolWait() to decrypt and execute shellcode reflectively loads the Havocs Demon DLL and resolves virtual addresses using API hashing routines. The infection chain consisted of malicious documents including a decoy file a downloader a batch script and a benign JPEG file.

Featured Resources

View More Resources
image
CUSTOMERS

Financial Regulatory Authority Strengthens Security and Gains Continuous Visibility with Cymulate

Limited Visibility and Reliance on Point-in-Time Testing With a lean team of five responsible for securing a complex internal environment,

Read Case Study
image
blog

CVE-2026-35603: One Writable Folder, Every User Compromised: Exploiting Configuration Trust in AI Coding Tools

Ilan Kalendarov, Security Research Team LeadBen Zamir, Security ResearcherElad Beber, Security Researcher The AI coding tools that millions of developers launch every

Read More
image
Demo

Auto Mitigation Demo

Cymulate Auto Mitigation closes the risk-to-fix gap by automatically deploying targeted control updates when exposures are discovered. It then re-validates

Learn More