
Flowmon ADS BPATTERNS Description

Leviathan_FinSpy - description

  • Last Updated: May 1, 2026

Sources:

Leviathan espionage group targeting maritime and defense organizations

Zero-day vulnerability exploited to distribute FinSpy malware

Technical analysis of FinSpy malware sample

Leviathan targets defense and government organizations. This threat actor distributes malware through spear phishing emails containing Microsoft Excel and Word documents with malicious macros.

FinSpy is malware that targets Eastern European entities for cyber espionage. It spreads through malicious Microsoft Office RTF documents that exploit the CVE-2017-8759 vulnerability.

Flowmon ADS detects domains used for malware distribution and communication with command and control servers.

Leviathan and FinSpy malware communication detection in Flowmon ADS
