
Research paper: IceApple – A Novel Internet Information Services (IIS) Post-Exploitation Framework

CrowdStrike’s Falcon OverWatch proactive threat hunting has uncovered a sophisticated .NET-based post-exploitation framework, dubbed IceApple. The framework has been observed being deployed on Microsoft Exchange server instances, but it is capable of running under any Internet Information Services (IIS) web application.

Suspected to be the work of a state-nexus adversary, IceApple remains under active development, with 18 modules observed in use across a number of enterprise environments, as of May 2022.

This research paper, “IceApple: A Novel Internet Information Services (IIS) Post-Exploitation Framework,” provides:

  • Insights into how proactive threat hunting uncovered IceApple
  • Information on how IceApple is being used in the wild
  • A deep dive into the functionality of all currently discovered modules of this evolving framework as well as information about how these modules interact

Research paper – Download here.

 
