SLIDE 1
Tien Phan, Malware Manipulation, 2019-08-26 (PowerPoint PPT presentation)
SLIDE 2
SLIDE 3
2019-08-26 Tien Phan Malware Manipulation 3
Pokemon Fusion: Con-Fusion
Software + Malicious = Malware ✔ (not Softicious ✗)
SLIDE 4
Analysis methods: Reverse Engineering, Dynamic Analysis, Static Analysis, Fully Automated Sandbox
(axis label: more time consuming)
SLIDE 5
Malware Manipulation supports: Automated Sandbox, Dynamic Analysis, Reverse Engineering
SLIDE 6
Cycle: Malware Analysis -> Malware manipulation -> More clues -> Further manipulation
SLIDE 7
SLIDE 8
WannaCry queries the unregistered domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com
https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
SLIDE 9
SLIDE 10
[Chart: New signatures per month, Jan 2016 to Aug 2019; y-axis 2 to 10]
SLIDE 11
SLIDE 12
ComputerName = xxxx&
Domain = xxxx&
Id = -1&
LANSetting = Gateway = xxx.xxx.xxx.xxx& IP = xxx.xxx.xxx.xxx& SubnetMask = xxx.xxx.xxx.xxx& Object = LANSetting;&
LoaderType = 0&
OSArch = 1&
OSType = 0&
OSVer = xxxx&
UserName = xxxx&
Object = ClientInformation
SLIDE 13
SLIDE 14
SLIDE 15
C2 URI                  | Method | Description
/cl_client_online.php   | POST   | harvested system information
/cl_client_cmd.php      | GET    | C2 command
/cl_client_cmd_res.php  | POST   | C2 command result
/cl_client_logs.php     | POST   | log
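The beacon body on slide 12 and the URI table on slide 15 together describe what this client sends and where. The following is an added example, not the presenter's code: a small parser for the beacon format plus a matcher for the C2 paths, the kind of helper a SOC analyst would write when turning these slides into a detection. The beacon grammar (nested objects opened by a token with two '=' signs and closed by `Object=<Name>;`) is an assumption inferred from the single masked sample on the slide; the sample string itself is the one printed there.

```python
"""Added example (not the presenter's code): parse the ClientInformation
beacon from slide 12 and match request paths against the C2 URI table on
slide 15.

Beacon grammar ASSUMED from the single sample on the slide:
  * fields are `key=value` pairs joined by '&'; whitespace around '=' and
    '&' is ignored;
  * a token holding more than one '=' (e.g. `LANSetting=Gateway=...`) opens
    a nested object named by its first key, the remainder being that
    object's first field;
  * `Object=<Name>` (optionally with a trailing ';') closes the innermost
    open object; the final `Object=ClientInformation` closes the beacon.
"""
from __future__ import annotations

# Slide 15 URI table: path -> (HTTP method, purpose).
C2_URIS = {
    "/cl_client_online.php": ("POST", "harvested system information"),
    "/cl_client_cmd.php": ("GET", "C2 command"),
    "/cl_client_cmd_res.php": ("POST", "C2 command result"),
    "/cl_client_logs.php": ("POST", "log"),
}

# The beacon exactly as printed on slide 12 (values were already masked there).
SLIDE_BEACON = (
    "ComputerName = xxxx& Domain = xxxx& Id = -1& "
    "LANSetting = Gateway = xxx.xxx.xxx.xxx& IP = xxx.xxx.xxx.xxx& "
    "SubnetMask = xxx.xxx.xxx.xxx& Object = LANSetting;& "
    "LoaderType = 0& OSArch = 1& OSType = 0& OSVer = xxxx& UserName = xxxx& "
    "Object = ClientInformation"
)


def parse_beacon(raw: str) -> dict:
    """Parse a beacon body into {object_name: {field: value-or-nested-dict}}."""
    # Stack of open objects: [name given by the opener (None for the root), fields].
    stack: list[list] = [[None, {}]]
    for token in raw.split("&"):
        parts = [p.strip() for p in token.strip().split("=")]
        if parts == [""]:
            continue  # empty token, e.g. from a trailing '&'
        key, rest = parts[0], parts[1:]
        if key == "Object":
            # `Object=<Name>;` closes the innermost open object and names it.
            name = rest[0].rstrip(";") if rest else ""
            opener, fields = stack.pop()
            if opener is not None and opener != name:
                raise ValueError(f"object opened as {opener!r} but closed as {name!r}")
            if not stack:
                return {name: fields}  # the outermost object closed the beacon
            stack[-1][1][name] = fields
            continue
        if len(rest) > 1:
            # `LANSetting=Gateway=...`: the first key opens a nested object.
            stack.append([key, {}])
            key, rest = rest[0], rest[1:]
        stack[-1][1][key] = "=".join(rest)
    raise ValueError("beacon not terminated by an Object=<Name> token")


def flatten(obj: dict, prefix: str = "") -> dict:
    """Flatten nested objects into dotted keys, e.g. 'ClientInformation.LANSetting.IP'."""
    out = {}
    for key, value in obj.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            out.update(flatten(value, path))
        else:
            out[path] = value
    return out


def classify_c2_request(method: str, path: str) -> str | None:
    """Return the slide-15 purpose when (method, path) matches a C2 URI, else None."""
    entry = C2_URIS.get(path.split("?", 1)[0])
    if entry and entry[0] == method.upper():
        return entry[1]
    return None


if __name__ == "__main__":
    for field, value in flatten(parse_beacon(SLIDE_BEACON)).items():
        print(f"{field} = {value}")
    print(classify_c2_request("POST", "/cl_client_online.php"))
```

The parser refuses a beacon whose opener and closer names disagree or that lacks a final `Object=` token, so malformed traffic surfaces as an error rather than as a half-filled record; the flattened dotted keys are convenient as field names in an alert or a SIEM event.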
SLIDE 16
Confluence Server Attackers Exploit CVE-2019-3396 to Drop GandCrab 5.2
- Mr. Black
Tags: Backdoor, GandCrab 5.2, CVE-2019-3396
SLIDE 17
SLIDE 18
SLIDE 19
SLIDE 20
SLIDE 21
SLIDE 22